| title | Evidence-driven Security Engineering |
|---|---|
| date | 2019 |
| authors | |
| conference | |
| resources | |

Dan Guido discusses an evidence-driven approach to security engineering, arguing that security decisions should be grounded in empirical data rather than intuition or convention. The talk covers how Trail of Bits uses data from hundreds of security assessments to inform their methodology, identify the most impactful vulnerability classes, and allocate resources effectively to maximize security outcomes.