From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Security metrics

- [Instructor] Measuring your security over time helps you improve your security software lifecycle management policies and procedures, and the fastest path to identifying and implementing these improvements is through security metrics. Peter Drucker, the well-known management consultant and author, was famously quoted as saying, "If you can't measure it, you can't improve it." That saying holds true when it comes to secure software lifecycle management. If your CISO were to ask you, "Is our application secure?" how would you answer that question? How would you even know if your idea of secure and the CISO's idea of secure were the same? Through metrics. That's how. One of the most popular software metrics is defects per line of code. With the right tools, this metric is easy to capture and measure, which accelerates your ability to address those defects and improve your code. Steve McConnell, author of Code Complete, recommends measuring code defects per thousand lines of code or…