Secure Code Review: Enterprise Metrics presented at OWASP Appsec 2010

by Anonymous Speaker

Tags: Others Security


Summary: Developers in large organizations are experiencing a move toward more holistic, centralized management of application source code and of its review and reporting for vulnerabilities. This talk presents vulnerability statistics collected at various programming milestones for a range of applications from an enterprise-wide application development portfolio. Application vulnerabilities detected using automated source code analysis tools were stored in a centralized database and reported back to developers and management, with the intent of managing risk at an enterprise level. Reports aligned vulnerability classes to the OWASP Top 10. The centralized view of source code vulnerability metrics is shown to drive an enterprise approach to developing standardized security APIs throughout the SDLC.