Reducing Software Vulnerabilities – The "Vital Few" Process and Product Metrics

Speakers: Dr. Bill Curtis, Executive Director, CISQ and Girish SEshagiri, EVP and CTO, ISHPI

Presented live on October 26, 2016

In this webinar, we will demonstrate the combined impact of high maturity processes and disciplined agile teams on secure software development. We will share real world data – nearly zero security incidents attributable to poor quality software.

Defective software is insecure. This presentation will demonstrate how disciplined agile teams consistently deliver substantially defect-free software on predictable cost, and schedule, by making quality the number one goal of every project. The teams build security throughout the life cycle and do not rely on testing alone for defect removal. Customer benefits include dramatically reduced number of security incidents attributable to poor quality software code and reduced operations and maintenance costs. While time to market is important, managers must also empower developers with the skills, training and certification needed to deliver products with fewer vulnerabilities the first time around. We will share real world cost, schedule and quality data to illustrate these points.

Takeaways from the webinar:

  • The impact of common violations of good coding practices on security and maintainability
  • How to ensure that software code has zero Top 25 most dangerous security violations early in the lifecycle
  • “Excellent” code can reduce maintenance cost to as little as 3 to 5 percent of development cost
  • The cause of suboptimal results such as a “deliver now, fix later” culture, unacceptable increases in technical debt and total ownership cost in many “agile” projects
  • High maturity optimizing process provides the “vital few” process and product metrics to help agile teams reduce software vulnerabilities
  • How to build and maintain agile software development teams and achieve results better than the best in class


Watch the webinar on CISQ YouTube