OWASP Security Spending Benchmarks Released

IMG_2267

The OWASP Security Spending Benchmarks were recently released and SC Magazine has an interesting article on them.  Denim Group was a Project Partner for this effort (although, honestly, we need to do more for the next release than we did this time around).

This is an initial effort, but it is a great start.  I’ll relay two unrelated points that I, unfortunately, can’t remember the sources for:

  • I recall listening to a podcast a couple of years ago where there was some discussion about how, in a given industry, the company that collects and provides the most information about that industry becomes the most valuable company in the industry.  In this case it is cool that OWASP and the WASC are making progress gathering industry-wide data.
  • I also recall a presentation at an OWASP conference a couple of years back where the question was posed: “How much do companies spend on network infrastructure versus security for that infrastructure?  And how much do companies spend on applications versus security for those applications?  Why are those ratios different?”  Not that they should necessarily be the same, but certainly a fun though exercise.

If I can track down a source for either of those anecdotes I will post it.

Getting additional data about the application security industry and how organiations are attacking the problem is great progress and shows that the state of the industry is advancing.

–Dan
dan _at_ denimgroup.com

(picture is of some broken glass built into the top of a wall in Tangier, Morocco, (c) 2008 Dan Cornell)

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *