SYS-CON MEDIA Authors: Elizabeth White, Mat Mathews, Newswire, David Smith, Tim Crawford

News Feed Item

Apply Gaming Concepts as Incentives to Achieve Stronger Application Security, According to AsTech Consulting & WhiteHat Security

A white paper authored by application security leaders WhiteHat Security and AsTech Consulting suggests the incentives used by gamers could result in more secure applications and other security operations.

“Application security professionals are great at what they do, but the only time they get recognized is when something goes wrong,” said Greg Reber, founder and CEO of AsTech Consulting. “This is a proven way to incentivize and engage the team toward the goal of creating a more secure and sustainable security environment.”

Shall We Play a Game? How to design and implement a positive security incentives program” defines steps to establishing the foundation of a security incentives program, including identifying stakeholders, defining metrics, and having a back-up plan in the event of a security breech. It uses the case study of to demonstrate how motivating factors, like competition and self-expression, and gaming concepts, like mastery and autonomy, can lead to a more engaged information security team and program. For example, rewards go to individuals or teams who reach the next “level” in eliminating XSS or SQK injection vulnerabilities.

You can download the whitepaper here.

About WhiteHat Security

Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-end solutions for application security. The company’s cloud website vulnerability management platform and leading security engineers turn verified security intelligence into actionable insights for customers. Through a combination of core products and strategic partnerships, WhiteHat Security provides complete application security at a scale and accuracy unmatched in the industry. WhiteHat Sentinel, the company’s flagship product line, currently manages thousands of websites – including sites in highly regulated industries, such as e-commerce, financial services and healthcare companies. For more information, please visit:

About AsTech Consulting

Founded in 1997, AsTech empowers client organizations to improve Application Security within their organizations. We share our knowledge and expertise to measurably enhance our clients’ software security, using a risk-based approach focused on optimizing their Return On Security Investment (ROSI). By understanding our clients’ unique risk appetites, current capabilities and business objectives, we help them comprehend the true risks to their organization. AsTech performs application vulnerability discovery and analyses, vulnerability remediation, secure development training, and Secure Software Development Life Cycle (SSDLC) consulting services. We have provided solutions appropriate for organizations of varying sizes - from small businesses to multinational corporations. For more information, please visit:

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.