Pejman Pourmousa, Vice President, Services, Veracode and Amy DeMartine, Research Director, Forrester Research
The most important function of an application security program is effectively fixing flaws once they’re discovered. But the speed of that fix rate matters — the time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, and sometimes hours. Yet our most recent State of Software Security report found that one in four high and very high severity flaws aren’t addressed within 290 days of discovery.
Improving your fix rate is critical, but the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.
This might seem like an insurmountable problem, but our data also presents hopeful glimpses at potential prioritization and software development methods that could help organizations reduce risk more quickly. In this session, we’ll share some steps and best practices that will start lowering your fix rate.
About the speakers:
Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode’s solutions by its customers. He has spent the last seven years building cohesive teams that help customers develop, deploy and mature their App Sec programs. Using his depth of experience, he guides top leaders of organizations on how to realize the potential of their application security programs. Pejman has spent the entirety of his career in the area of services management and delivery specifically around Compliance, Risk and Security.
Amy DeMartine is the Research Director at Forrester Research and helps security, risk professionals transform their current software, and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams.
This session is part of Veracode's "Your AppSec Game Plan" Summit.