1. Intro
2. Agenda
3. Questions from executives
4. Why Metrics
5. Risk Management Objectives
6. Measurement vs Metric
7. Phases of Metrics
8. Defects
9. Bad Scenarios
10. Vanity Metrics
11. Metrics Without Context
12. Metrics With Executives
13. Risk Management
14. Policy Standards Outreach
15. Software Environment
16. Software Security Capabilities
17. Risk Tolerance
18. Coverage
Description:
Explore effective software security metrics in this 50-minute conference talk from AppSec California 2016. Learn techniques to change conversations with executives about software security, encouraging them to ask the right questions and receive answers demonstrating progress towards meaningful objectives. Discover a progression of software security capabilities and corresponding metrics for different maturity levels. Gain insights on developing key metrics for your unique software security program through a detailed example. Delve into topics such as risk management objectives, measurement vs. metrics, phases of metrics, defects, risk tolerance, and coverage. Benefit from Caroline Wong's expertise as a thought leader in security strategy, operations, and metrics, drawing from her experience at companies like Cigital, Symantec, Zynga, and eBay.

Software Security Metrics - Developing Key Indicators for Executives

OWASP Foundation