The ROI of AppSec: Getting your Money's Worth from Your AppSec Program

  • Thursday, 30 Nov 2017 1:00PM EDT (30 Nov 2017 18:00 UTC)
  • Speakers: Maria Loughlin, Jim Bird, Ellen Nussbaum

Cloud computing did more than change the focus of corporate development from homegrown software aimed at employees to customer-facing apps able to survive exposure outside the corporate perimeter.

It shifted at least some of the responsibility for application security onto development and forced development managers to not only build in security, but also to figure out how to justify costs only InfoSec had to worry about before.

Efficiency is as important in appsec as it is in cost-justifying dev tools, but there is much more involved in reaching it than simply maximizing the production of code. Knowing how much a flaw costs to fix depends on the accuracy of your point of reference as well as when the flaw is discovered, where it is, and when and by whom it is fixed, according to SANS development and financial-analysis expert Jim Bird.

Justifying appsec spending requires not only knowing how efficient a tool and process can be, but also how cost-effective they are and how that approach compares to others - questions that depend on determining levels of risk, the varying costs of remediation and, ultimately, the potential cost of a breach.

Register for this webcast and Bird will walk you through models he's built to estimate those costs. You'll learn how to use cost models to produce credible cost analyses you can use to help guide your own appsec decisions, and to help justify appsec spending in budget proposals.

Click here and you'll be among the first to receive an associated whitepaper with full analysis of the varied factors in determining the ROI of appsec by report author and SANS expert Jim Bird.