Executives often ask the wrong questions about application security. This session will discuss techniques for changing the conversation in order to encourage execs to ask the right questions—and provide answers that show progress towards meaningful objectives. Attendees will discuss a progression of application security capabilities and the metrics that correspond to different levels of maturity.