Do a little math on how Secure Code Warrior's Learning Platform and developer tools can positively impact your company in both productivity and revenue by upskilling developers to prevent recurring vulnerabilities from happening in the first place.
Proof for vulnerability reduction
"Over half of organizations surveyed saw up to 10% reduction, elimination of common code vulnerabilities that were present in their code as a result of using the Secure Code Warrior skills platform."
Assumptions and references we used in the calculator
Your team is using high-level programming languages like Java, which requires less lines of codes to produce the same features, compared to lower-level languages like Assembly (Capers Jones, 2012).
According to DZone, a developer in your team produces 325~750 lines of code per month based on Capers Jones' research, which rounds up to be about 6450 lines of code per year. We understand that it can be harmful to use lines-of-code as ultimate productivity metrics. So we are only using it in calculating overall returns and business impacts.
Your team is not undergoing significant refactoring project and is steadily increasing lines of code.
According to a Stack Overflow post which quotes data from Code Complete (2nd Edition), the industry average defects per 1000 lines of code is 1~25 and Microsoft 10~20. Hence we are using an average defect rate of 0.14%.
Your team's defect distribution is not spread out across different stage, but rather centralized in one certain software development stage.
Your team has similar defect fixing time distribution with the NIST report (NIST, 2002): Requirement (Design) Stage ⇒ 1.2 hr/bug; Coding Stage ⇒ 4.9 hr/bug; Integration Testing Stage ⇒ 9.5 hr/bug; Beta-Testing ⇒ 12.1 hr/bug; Post-Product Release ⇒ 15.3 hr/bug. This is the average for Financial Services industries.
Still baffled by the number?
Let us help your business case and make software security an intrinsic part of your development process.