How do you evaluate overall Product Security risk in a software company? Do you use $$$, percentages, Risk levels (L,M,H). Do you reciprocate risk with the estimated effort required to reduce it? If yes, do you use $$$, effort days, or similar?

3.6k views2 Comments

Sort by:

Chief Information Security Officer in Healthcare and Biotech2 years ago

Quantification of impact is super important. If the product ( s/w) is down then the business loss and reputation is the primary; if legal implication is there - count that too.

CIO in Services (non-Government)2 years ago

We always lead with risk levels and potential regulatory issues that could arise due to product security issues, followed by $$$$ exposure.

We are HIPAA and GDPR heavy, in terms of regulatory compliance, and we have PCI-DSS and other customer/patient data that could potentially be exposed unless we ratchet up our security posture and we most definitely focus on code hygiene and security by way of end-to-end encryption.

Content you might like

Has anyone had any success with evaluating the impact of using Generative AI tools such as GitHub's Copilot on the productivity or performance impact on developers? I see a lot of qualitative discussions about how developers say they are more productive, but how are you measuring that impact?

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

As technology leaders, where are you seeing the most challenges or gaps?

Executive Support10%

Projects vs. Operations68%

Building a culture of Security15%

Team Completeness5%

View Results

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

How do you evaluate overall Product Security risk in a software company? Do you use $$$, percentages, Risk levels (L,M,H). Do you reciprocate risk with the estimated effort required to reduce it? If yes, do you use $$$, effort days, or similar?

Sort by:

Content you might like

Has anyone had any success with evaluating the impact of using Generative AI tools such as GitHub's Copilot on the productivity or performance impact on developers? I see a lot of qualitative discussions about how developers say they are more productive, but how are you measuring that impact?

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

As technology leaders, where are you seeing the most challenges or gaps?

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

DevSecOps: Strategies, Organizational Benefits and Challenges

Green Cloud Computing

Omnicloud: The Future of Cloud Computing?

Generative AI and Software Engineering Teams: Adoption and Training

Take Your Insights On-the-Go