What technology, language, or framework you wish you could start using at work today?

Brandon Burzon — Thu, 18 Jul 2019 06:56:13 +0000

For me, it’s Elm. Which is weird since I’m a backend developer who loves his job and spends 90% of his time writing in Java 😂.

How do you measure security? Security Metrics

Brandon Burzon — Sun, 03 Mar 2019 16:20:32 +0000

Every few months, we see companies like Facebook and Google go in front of the Congress to answer questions like, "Have you ever had a data breach?"

If your stakeholders ask you this question today, what would you say?

As developers and engineers (I still don't get the difference), there are a lot of benefits on being data-driven. Perhaps we can use metrics to answer questions like, ”How secure are we today vs yesterday, last month or even last year?”

Here are just a few metrics I've seen people use to measure security:

Number of resolved vs unresolved security risks
Number of hosts running unpatched or outdated kernels
Number of recalled or deprecated dependencies
Number of detected vulnerabilities through manual or automated code review (ex: static code analysis)
etc.

I think having security metrics is one way we can raise the security bar for our team, company, and industry. It can help us drive actions to make our applications more secure in order to protect sensitive data and maintain our customers’ trust.

I understand that the security metrics you choose depends on the type of data or application you are trying to protect. For example, there is not a lot of value in measuring security for trying to protect access to data that is purposely made available to the public.

So given an application that handles sensitive data, what are some ways you would measure its security? What security metrics would you implement?

Forem: Brandon Burzon

What technology, language, or framework you wish you could start using at work today?

How do you measure security? Security Metrics