Episode 44

Risk Scoring: How it's Made and How it Works for You

How does risk scoring help, and how do you get the most value out of yours? ArmorCode Senior Solutions Engineer Alex East joins Mark to answer just that. And here's what we learn:

1. Risk scoring quantifies your Dev & security teams' ability to design secure software and address any weaknesses found – via a point-in-time value. This can be measured against historical data and used to make predictive analyses of future risk.

2. Risk scores rarely compare apples-to-apples. Scores reflective of assets with different degrees of business criticality, sensitivity, publicity, complexity, or obligation to compliance requirements will each mean something different to a risk officer. Comparisons across industry lines or even between similar businesses are inherently flawed, so it's often best to contextualize risk categorically.

Resources

Further listening

Understanding AppSec Part 3: Testing Your Code – DAST, Pentesting and Red Teaming

Episode 80

Understanding AppSec Part 2: Getting Your Code to the Cloud – IAC, Container Security, CSPM

Episode 79

Understanding AppSec Part 1: Securing Your Code – SCA and SAST

Episode 78

Scaling AppSec to Secure the Smallest Doors and the Biggest Buildings

Subscribe for updates

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences