New consortium sets out to establish app security guidelines

Security Innovation, Microsoft, Red Hat, Oracle and several other companies have formed the Application Security Industry Consortium (AppSIC) with the intent of helping establish and define app security guidance and metrics.

AppSIC's primary goals are to translate security practices and activities throughout the development lifecycle into ROI that would enable organizations to make informed application security purchase and deployment decisions, the consortium says.

"AppSIC will focus on developing evaluation methodologies that make application security relevant to business and technology decisions," says Herbert Thompson, consortium chair. "Consumers need to have confidence in the software they buy, build and deploy. Development groups need a yardstick to help them refine their processes and make measurable progress towards security. CxOs need actionable insight into the security of the applications that run their critical business processes. AppSIC's diversity and seasoned membership uniquely position it to deliver metrics and methodologies that meet these needs."

AppSIC says it will publish an industry white paper on security metrics and ROI by the end of the year.