[Owasp-leaders] Metrics

James McGovern JMcGovern at virtusa.com
Mon Nov 29 14:02:28 EST 2010


Monday Thoughts.  We are great at capturing metrics around activities
(number of incidents), money (security budgets) and even innovative ways
to count things (CWE, CVE, etc.), yet security still isn't "visible" to
the masses.  Jeff Williams and the Rugged crowd threw out the idea of
software ingredients. Should we attempt to capture that notion as part
of Rohit's Web Application Security Framework Manifesto where the
protections are more of the ingredients than things such as weaknesses?

 

If you are a baseball fan (I am not), there is a popular book named
Moneyball where they have figured out how to measure/model the
performance of baseball players which aided in creating market
efficiencies. This was huge for baseball and I believe that infosec
needs the equivalent. Is there merit in the metrics project figuring out
how to build a data warehouse (think data.gov) that everyone could query
to understand their security posture? It could contain products,
vulnerabilities, weaknesses, ingredients, etc. We could even figure out
a novel way of including the "findings" format that Dinis Cruz often
leverages to discover new insights.

 

James McGovern
Insurance SBU 

Virtusa Corporation

100 Northfield Drive, Suite 305 | Windsor, CT | 06095

Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  


