How to put a number on the cost of something that may not even happen? How to assign value to abstract and subjective constructs like “brand reputation” or “customer trust”? How do we know if we’re spending enough on security, and how to tell if we’re spending too much? Assuming we have the budget for software security, where should we invest it? And in the absence of a budget, what can we do to obtain it?
- Slides: Presentation Slides
- Conference: DevOps Days Zurich 2024