Summary: The video discusses the challenges executives face in prioritizing security improvements and critiques the effectiveness of using OKRs (Objectives and Key Results) to measure progress in identifying vulnerabilities within code. The speaker emphasizes that not all vulnerabilities carry the same weight and that the approach to setting numeric goals may not truly enhance security.
Keypoints:
- Executives may not prioritize improving security in their daily thinking.
- Setting concrete numerical goals, such as finding “60 vulnerabilities,” can be misleading.
- Not all vulnerabilities are equally significant; some may have severe implications for users’ privacy.
- The speaker expresses dissatisfaction with the use of OKRs for measuring security progress.
Youtube Video: https://www.youtube.com/watch?v=z76QwoaWGV8
Youtube Channel: Security Weekly – A CRA Resource
Video Published: Thu, 27 Mar 2025 21:00:51 +0000