Software Security by the Numbers presented at Shmoocon 2016

by Chris Eng

Summary: Every industry faces the challenge of securing software, so why do some industries “get it” while others struggle to manage the problem at scale? In this session, we will share data drawn from over 200,000 application assessments performed via Veracode’s cloud platform over an 18-month period. This is the largest data set of its kind, and it provides unique insight into the state of software security. Attendees can use this information to benchmark their AppSec program against peers, answering key questions such as:
Do I have more serious vulnerabilities than my peers?
What percentage of vulnerabilities do my peers remediate?
How many of our applications should pass the OWASP Top 10 when initially assessed?
What are the most common vulnerabilities in our vertical?
How do coding vulnerabilities manifest across different programming languages?
Chris Eng (@chriseng) is vice president of research at Veracode. Throughout his career, he has led projects breaking, building, and defending software for some of the world’s largest companies. He is an unabashed supporter of the Oxford comma and hates it when you use the word ask as a noun.