Once your application security program is up and running, there are several metrics you can use to gauge your progress and tune the program. Companies typically measure scan activity, flaw density, and policy compliance. Far fewer track fix rate, even though it is one of the clearest indicators of whether a program is working: scanning only finds flaws, and fix rate tells you what share of those flaws the teams have actually remediated. Flaw density tells you how much is left; fix rate tells you how much has been dealt with. It is calculated as follows:

Fix Rate = Fixed Flaws / (Fixed Flaws + Open Flaws)
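As an added example (not code from the original post), the script below computes fix rate from a constructed list of scanner findings. It assumes each finding carries a status of "fixed", "open" or "false_positive" (the status names and the sample records are assumptions for illustration); false positives are excluded because they are not flaws, a scan with no flaws yields None rather than a misleading 100%, and the rate is also broken down per severity so that many fixed low-severity flaws cannot hide unfixed high-severity ones.

```python
from collections import Counter

# Constructed sample findings, roughly what a scanner export looks like
# once a rescan has confirmed which flaws are gone. This is example data,
# not data from the original post.
SAMPLE_FINDINGS = [
    {"id": "F-1", "severity": "high",   "status": "fixed"},
    {"id": "F-2", "severity": "high",   "status": "open"},
    {"id": "F-3", "severity": "medium", "status": "fixed"},
    {"id": "F-4", "severity": "medium", "status": "fixed"},
    {"id": "F-5", "severity": "low",    "status": "open"},
    {"id": "F-6", "severity": "low",    "status": "open"},
    {"id": "F-7", "severity": "low",    "status": "fixed"},
    # Triaged as a false positive: not a flaw, so it must not count as
    # fixed or open.
    {"id": "F-8", "severity": "high",   "status": "false_positive"},
]


def fix_rate(findings):
    """Fix Rate = fixed / (fixed + open).

    Returns None when there are no fixed or open flaws at all, so an empty
    or all-false-positive result set does not read as a perfect score and
    does not raise ZeroDivisionError.
    """
    counts = Counter(f["status"] for f in findings)
    fixed, still_open = counts["fixed"], counts["open"]
    total = fixed + still_open
    return fixed / total if total else None


def fix_rate_by_severity(findings):
    """Fix rate per severity level, sorted by severity name.

    A single overall number can look healthy while every high-severity
    flaw is still open; reporting per severity makes that visible.
    """
    by_severity = {}
    for f in findings:
        by_severity.setdefault(f["severity"], []).append(f)
    return {sev: fix_rate(items) for sev, items in sorted(by_severity.items())}


if __name__ == "__main__":
    overall = fix_rate(SAMPLE_FINDINGS)
    print(f"overall fix rate: {overall:.1%}")  # 4 fixed of 7 flaws
    for sev, rate in fix_rate_by_severity(SAMPLE_FINDINGS).items():
        shown = "n/a" if rate is None else f"{rate:.1%}"
        print(f"  {sev:>6}: {shown}")
```

Run as-is to see the overall rate next to the per-severity breakdown; the "high" bucket sits at 50% even though "medium" is fully remediated, which is exactly the kind of gap an overall figure alone would hide.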
from DZone.com Feed http://bit.ly/2vrPfgf