[Owasp-leaders] Bring balance: force verification in scanning tools

Timothy D. Morgan tim.morgan at owasp.org
Mon May 23 15:11:46 UTC 2016


> The stats regarding data breaches are on the rise. Why? Now more than ever,
> there are more data breaches and for what the data and stats tell me is
> whatever is happening, we don't do enough or we do the wrong things to
> help appsec security.

Don't put too much faith in any infosec stat.  When you look hard at how the
data is collected, you quickly realize it is the tip of the tip of the tip of
an iceberg.  There's huge room for bias in the collection.  It's easy to ask
for more data, but getting *good* data of the *kind we want* is usually
impossible.  After all, those that have the most knowledge of breaches are the
intruders, not the defenders, and they usually aren't very forthcoming.

tim



