At the HP Software Performance Tour 2014, Pierpaolo Ali’, South Europe Sales Director - HP Enterprise Security Products, illustrated the 2014 vulnerability landscape in IT security.
Origin: 2009, explain the idea. What are people really doing? Talked to Microsoft, Google, Adobe, DTCC, Intel, Goldman, JMPC, …
Gather data
Discuss data
Create framework: 110 distinct activities. Example: Use a static analysis tool, know your top x vulns, do security training, … In 3 levels: Easy, medium, hard (Rocket science)
For each of the 9 firms build a scorecard
Now: 67 firms
No special snowflakes
Most important difference: Prescriptive vs descriptive. Not competing. You need both!
22 anonymous. No need to have your logo here. Look for more participants. Especially in Europe.