cweatherford
Newcomer I

securityscorecard.com

Without going into much detail, has anyone had experience with securityscorecard.com? Thoughts?

2 Replies
AppDefects
Community Champion

These "rating agencies" are becoming more and more prevalent and can be used by customers and cyber insurers. SecurityScorecard and BitSight are two of the originals. Each has its own "scoring algorithm" for multiple risk vectors. Hint: watch for their algorithms to be "improved" this fall.

 

If you don't know what "assets" you have on the Internet, then they are good at DISCOVERY and rating them. Getting your grade/score to change is SUBSTANTIAL work, especially if your assets are in the thousands and you have hundreds of dev teams. Plan to assign multiple FTEs to move your grade. But you may ask: does moving the grade up fix systemic problems? No. Ultimately, fixing dev processes, CI/CD automation, and everything else they say is wrong with your infrastructure, DNS, web apps, mobile apps, etc. is the root of the problem that needs to change in your organization. Good luck. You are going to need it.

cweatherford
Newcomer I

Thanks for the reply, AppDefects!

For the record, I don't like these types of shops. They feel a little dirty...