assessment-page

Question 1 of 5

Application Security Testing Tools

Application Security tools help identify security risks and vulnerabilities at different steps in the software development lifecycle, reducing risks before applications reach production.

Which types of application security tools are used by your organization today?

(Select all that apply)

Question 2 of 5

Risk Assessment and Prioritization

As application security programs grow, so does the volume of security alerts. An effective program requires tools and processes to identify which risks are highest priority.

How does your organization assess and prioritize security risks found in applications?

(Select all that apply)

We rely on developers to review the output of our AppSec and then prioritize vulnerabilities in their code. We have a defined and ongoing process for security team and developers to review the output of our AppSec tools for applications that we develop (first party code). Our security team and our developers work together to prioritize the security issues that should be fixed first. We review and evaluate the security of the open source code and libraries that are included in our applications. We check 3rd party software that we use for vulnerabilities and security risks. We have tools in place to automatically rank and prioritize vulnerabilities based on potential business impact. We have a program in place to regularly generate software supply chain security reports. We conduct architecture risk assessments as part of the application design and development process. We use threat modeling to proactively identify attack vectors and security gaps by analyzing system components and data flows.

Question 3 of 5

Application Security Policy and Compliance

Security policies and compliance frameworks help ensure applications meet regulatory standards and internal requirements.

Which of the following statements describe your organization’s approach to application security policies and compliance?

(Select all that apply)

Question 4 of 5

Application Security Issue Remediation

Quick and effective remediation of security issues is critical to minimizing risk.

What best describes your organization’s approach to security remediation?

(Select all that apply)

Security issues are addressed based on developer availability. Risk remediation tasks are jointly managed by security and development teams. Security fixes are prioritized based on business risk. We sometimes implement compensating controls in place of high-risk fixes. Developers receive guidance on how to address security issues. Security remediation is progressively automated.

Question 5 of 5

Security Metrics and Reporting

Tracking security metrics helps measure the effectiveness of the security program and identify areas for improvement.

Which of the following security metrics and reporting mechanisms does your organization use?

(Select all that apply)

Vulnerability reporting.

Reports vulnerabilities detected across applications.

Current security posture reporting.

Reports on the current security posture of individual applications.

Team reporting.

Application owners and teams can see their current security posture and results.

Security performance comparisons.

Enables business leaders to compare security performance and policy compliance across teams.

Compliance tracking and reporting.

Reports on current and past policy compliance against the requirements of specific compliance and policy frameworks.

Business unit visibility.

Enables business leaders to compare security performance and policy compliance across business units, divisions, or other entities that include multiple application development teams.

ROI of security investments.

Measures return on investment for security tools and initiatives.

Integration of security metrics with SDLC.

Security metrics at each stage of the SDLC are reported as part of the overall SDLC metrics and dashboard.

Hang tight. Your personalized report is being prepared and will be sent to your email shortly.

This may take a minute or two.

Secure Software Delivery

Secure Open CD

Open CD

Solutions for spinnaker

OpsMx Delivery Shield

OpsMx Delivery Flow

Application Protection Platform

Complete Application Security

OpsMx Delivery Flow

Open Source Continuous Delivery

Security and DevOps Integrations

Secure Delivery

Intelligent Delivery

Case Studies

Spinnaker

Argo

DevOps Transformation

CD University

Question 1 of 5

Which types of application security tools are used by your organization today?

Question 2 of 5

How does your organization assess and prioritize security risks found in applications?

Question 3 of 5

Which of the following statements describe your organization’s approach to application security policies and compliance?

Question 4 of 5

What best describes your organization’s approach to security remediation?

Question 5 of 5

Which of the following security metrics and reporting mechanisms does your organization use?

Ship better software faster