The slides from my OWASP AppSec DC presentation “Application Portfolio Risk Ranking: Banishing FUD with Structure and Numbers” are now online here:
Keeping an up-to-date and accurate application portfolio is a critical practice for application security managers. I had an opportunity to speak with a lot of sharp folks after the presentation and got some great tips on additional things we can roll into the model.
If you would like a copy of the Excel spreadsheet used to demonstrate the model during the presentation please just email me (dan _at_ denimgroup.com)
Contact us for help enumerating and risk-ranking the applications in your portfolio.
dan _at_ denimgroup.com