Episode 16

Applying your Risk Score: Where it Belongs & Where it Doesn't

#LTAPod is back for a new season of 5-minute AppSec with Mark Lambert and Luis Guzmán in the ArmorCode studio. On the table today: risk scores. We take a turn from last month's episode on risk prioritization/scoring to delve into how risk scores are utilized by teams—and when their use might backfire. As a standalone metric, one's overall score can be helpful for posture-at-a-glance; but as a measure or goalpost for team performance, security leaders may find their score too volatile or reductive. This should track when considering that a risk score's purpose isn't to quantify a team's efforts, but to prioritize them.

Resources

Further listening

Preparing for the Next AI Cyber Attack

Episode 47

The Pitfalls of Risk Scoring

Episode 46

Building a Robust AppSec Program With the OODA Loop Framework

Episode 45

Finding Highest Priority Vulnerabilities to Work On

Subscribe for updates

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences