Speed Matters in AppSec: How to Start Improving Your Fix Rate

Presented by

Pejman Pourmousa, Vice President, Services, Veracode and Amy DeMartine, Research Director, Forrester Research

About this talk

The most important function of an application security program is effectively fixing flaws once they're discovered. But the speed of that fix rate matters: the time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, and sometimes hours. Yet our most recent State of Software Security report found that one in four high and very high severity flaws aren't addressed within 290 days of discovery. Improving your fix rate is critical, but the sheer volume of vulnerabilities present in most organizations' application portfolios forces them to make daily tradeoffs between security, practicality, and speed. This might seem like an insurmountable problem, but our data also offers hopeful glimpses of prioritization and software development methods that could help organizations reduce risk more quickly. In this session, we'll share some steps and best practices that will start improving your fix rate.

About the speakers

Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode's solutions by its customers. He has spent the last seven years building cohesive teams that help customers develop, deploy and mature their AppSec programs. Using his depth of experience, he guides top leaders of organizations on how to realize the potential of their application security programs. Pejman has spent the entirety of his career in services management and delivery, specifically around compliance, risk and security.

Amy DeMartine is the Research Director at Forrester Research and helps security and risk professionals transform their current software and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams.

This session is part of Veracode's "Your AppSec Game Plan" Summit.