product development security assessment

Comparative Security

Sustainable levels of performance can never be achieved without keeping security at the forefront of an organization’s digitalization strategy. Too often, security is treated like an afterthought – an activity at the end of the product development cycle or something to “fix” once a vulnerability is identified.

Comparative Security provides forward-leaning organizations with the information and intelligence necessary to embed security thinking as a natural part of an organization’s operational strategy. By treating security as an integral part of product development, companies can limit their security exposure, make better tradeoffs and more effectively navigate the constant security challenges inherent in today’s fast-moving business landscape.

Trusted Content

Comparative Security is created by security professionals with experience from some of the world’s most respected organizations.

Key Security Dimensions

The survey covers key dimensions of a comprehensive security strategy, including Governance, Intelligence, SSDL Touchpoints and Deployment.

Dynamically Updated and Validated

The results are collected, statistically validated and ultimately inform the comparative dataset available for your benchmarking.

About Comparative Security

Understand how you stack up against other companies or peers in your industry so you can more effectively target your security investments where they make the most sense. By deploying a data-driven strategy to security, you’ll be able to:
  • Give team members a voice and involve people at all levels of the organization as part of your security strategy.
  • Get a perspective of your current security risk profile and understand strengths and weaknesses of your approach compared to peers.
  • Quickly target areas of your security strategy where you need to act; recognize where you can build on existing strengths.
  • Integrate a continuous improvement approach to your security strategy: leverage Comparative Security to inform a strategic security roadmap at all levels of the organization.

Sample Questions

Governance
Our organization has an evangelist - an active advocate - who keeps stakeholders aware of the issues around information security and their importance to the business.
Intelligence
We maintain a list of open source used in apps, and have a process to keep it current with security patches.
SSDL Touchpoints
Security requirements are used to review feature designs.
Deployment
We use external penetration testers to find problems.
Outcomes
The team is producing higher quality products than before.
Governance
We have gates in our SDLC that call for security-related artifacts.
Intelligence
We analyze and document application-specific threat models and/or top attack lists.
SSDL Touchpoints
We perform basic threat modelling (perhaps with a standard questionnaire) on each new application or feature.
Deployment
Findings from penetration testing are entered into the product development process (e.g. backlog, defect tracking).
Top Features
  • Embed security as an integral part of your organization’s product development approach
  • Benchmark your company’s security efforts against peers in your industry
  • Understand where you need to invest additional time and resources; amplify existing strengths
  • Assess efforts at the team, program and organizational levels

Comparative Agility

Fuel data-driven continuous improvement efforts at the team, program and organizational levels through uncommon insights and actionable feedback.