Software Security by the Numbers

Presented at ShmooCon XII (2016), Jan. 16, 2016, 11 a.m. (60 minutes).

Every industry faces the challenge of securing software, so why do some industries "get it" while others struggle to manage the problem at scale? In this session, we will share data drawn from over 200,000 application assessments performed via Veracode's cloud platform over an 18-month period. This is the largest data set of its kind, and it provides unique insight into the state of software security. Attendees can use this information to benchmark their AppSec program against peers, answering key questions such as:

Presenters:

• Chris Eng
  Chris Eng (@chriseng) is vice president of research at Veracode. Throughout his career, he has led projects breaking, building, and defending software for some of the world's largest companies. He is an unabashed supporter of the Oxford comma and hates it when you use the word ask as a noun.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Software Security By The Numbers.mp4
• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Software Security By The Numbers.srt (subtitles)