
Discussion on: How do you measure security? Security Metrics

Avery

You can try to benchmark your system vs known good processes. For example, are you doing x, y, z things in a standard checklist? But finding comparisons to "secure" systems might be a good place to start. Why are they considered secure?

For more explicitly "testing the tester" check out this page, and the Youden index, as well. Maybe you could run the benchmark app through your security process to see how things pan out: owasp.org/index.php/Benchmark
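
An added example, not part of the comment above and not code from the OWASP Benchmark project: scoring a scanner's findings against test cases whose true status is known, using Youden's J (true positive rate minus false positive rate) per vulnerability category. The test case ids, categories and tool output are constructed, and `youden_by_category` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed ground truth: (test case id, category, is a real vulnerability).
GROUND_TRUTH = [
    ("case01", "sqli", True),
    ("case02", "sqli", True),
    ("case03", "sqli", False),
    ("case04", "sqli", False),
    ("case05", "xss", True),
    ("case06", "xss", True),
    ("case07", "xss", False),
    ("case08", "xss", False),
]

# Constructed tool output: the test cases the scanner flagged, per category.
TOOL_FLAGGED = {("case01", "sqli"), ("case02", "sqli"), ("case03", "sqli"),
                ("case05", "xss")}


def youden_by_category(truth, flagged):
    """Return {category: (tpr, fpr, j)} where j = tpr - fpr (Youden's J)."""
    counts = defaultdict(lambda: {"tp": 0, "fn": 0, "fp": 0, "tn": 0})
    for case_id, category, is_vuln in truth:
        hit = (case_id, category) in flagged
        if is_vuln:
            counts[category]["tp" if hit else "fn"] += 1
        else:
            counts[category]["fp" if hit else "tn"] += 1
    scores = {}
    for category, c in counts.items():
        positives = c["tp"] + c["fn"]
        negatives = c["fp"] + c["tn"]
        # A category with no positives or no negatives cannot be scored.
        if positives == 0 or negatives == 0:
            scores[category] = None
            continue
        tpr = c["tp"] / positives
        fpr = c["fp"] / negatives
        scores[category] = (tpr, fpr, tpr - fpr)
    return scores


if __name__ == "__main__":
    results = youden_by_category(GROUND_TRUTH, TOOL_FLAGGED)
    for category, score in sorted(results.items()):
        print(category, score)
```

In this constructed data the tool that over-reports (sqli) and the tool that under-reports (xss) both land on J = 0.5, and a tool that flags every test case scores J = 0, which is why the index is useful for comparing testers rather than counting findings.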