The OWASP DC folks put up the first batch of videos from the 2010 OWASP DC conference, including the video from my presentation “Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers.” It can be seen online here:
The slides from that presentation are also online:
Having an accurate application portfolio is critical because if you don’t know your organization’s attack surface, you don’t know what to defend. Building risk ranking into that portfolio is also key because it allows you to properly allocate scarce assessment and remediation resources.
Please email me if you would like a copy of the Excel spreadsheet mentioned in the talk.
dan _at_ denimgroup.com