When Headlines Meet Metrics: Connecting the Dots presented at Shakacon 2012

by Jeremiah Grossman

Summary: We've seen the headlines: Citigroup, Sony, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and others have all had websites compromised. No company is immune, regardless of industry. The stories are the same: millions of lost credit-card numbers, millions of personal information records exposed, and gigabytes' worth of intellectual property stolen. The net result comes to corporate losses in the hundreds of millions, sharp stock price declines, lawsuits, fines and costly downtime. Now the question becomes, what can be done about it? In this presentation Jeremiah Grossman, founder and CTO at WhiteHat Security, will discuss the results of vulnerability assessments performed across hundreds of organizations on thousands of the Internet's most important websites -- a process designed to identify the very same issues the bad guys routinely exploit. By mapping this volume of data against the high-profile breaches, we can learn how an organization ranks relative to its peers in the same industry. We're also able to compare the characteristics of highly secure websites with those of highly vulnerable ones, so we can identify the business practices that work best. Ultimately, the answer to the software security question can be found through metrics. By carefully tracking and analyzing metrics, specifically a small set of key performance indicators (KPIs), an organization can determine where resources would be best invested.