#LTAPod is back for a new season of 5-minute AppSec with Mark Lambert and Luis Guzmán in the ArmorCode studio. On the table today: risk scores. We take a turn from last month's episode on risk prioritization/scoring to delve into how risk scores are utilized by teams—and when their use might backfire. As a standalone metric, one's overall score can be helpful for posture-at-a-glance; but as a measure or goalpost for team performance, security leaders may find their score too volatile or reductive. This should track when considering that a risk score's purpose isn't to quantify a team's efforts, but to prioritize them.
Applying your Risk Score: Where it Belongs & Where it Doesn't
January 13, 2023