Executive View Of Development Team Performance
Performance Dashboard complements Test Manager and other GRC Select applications with focused reporting for an executive audience. Application security assessments across multiple properties produce a lot of test and vulnerability data. Performance Dashboard summarizes this tactical information to enable strategic decisions by answering:
What is the security testing coverage across all applications?
Are development teams fixing the right vulnerabilities in the right time frame?
Which applications are top performers?
What are the trends in vulnerabilities within and across applications?
Answering these questions enables leadership to adjust resources in application security, focus attention on problem areas first, and target training to the most critical areas.
View Security Testing Progress
Performance Dashboard provides a high-level view showing which applications have undergone security testing and their progress. Filtering on a group of assets or test categories provides a drill-down view when needed.
Vulnerability Mitigation Performance
Performance Dashboard supports two scenarios for understanding whether development teams are mitigating vulnerabilities on a timeline consistent with business risk tolerance.
Are priority vulnerabilities fixed within an acceptable time frame?
Per application, is the age of vulnerabilities acceptable?
The Findings view also enables a drill-down into individual vulnerabilities if tactical questions need immediate answers.
The analysis tab provides a powerful view showing vulnerability counts by severity and type across applications. Looking across a large number of applications, the top performers are quickly identified. Applications can also be classified when different find-fix standards are applied to higher-risk assets.
The most popular benefit of Performance Dashboard is identifying types of vulnerabilities across applications. For example, it's common to find higher vulnerability counts across Input Validation and Session Management. Executives can then direct secure development resources and training to specific areas and teams.
Please contact us to trial Performance Dashboard within your internal assessment team.
Due to the narrow focus of Performance Dashboard, it is not included in the automated GRC Select trial. Performance Dashboard, and its companion Test Manager, are available for Enterprise Edition subscribers.