Workshops‎ > ‎cs-ga-2010‎ > ‎

Chris Wysopal


Application Security Intelligence

Risk management requires consistent, up to date information across an organization.  Application security intelligence is the accumulation and ability to query information across an organizations application portfolio. Application vulnerabilities are of course important to manage but the metadata for applications can be just as valuable to help an organization manage application risk.  Examples of application metadata:  application source, development team, SDLC processes used, install location, environmental controls, common libraries, etc. Combining application vulnerability data, application metadata, and other security information within an organization can help measure and manage organization wide application risk.