Security vulnerabilities can be measured ONLY AFTER the software has been built (which is too late). At @owasp #GlobalAppSec Amsterdam, I discussed looking at vulnerabilities from a different angle using Security Vulnerabilities Decomposition: youtube.com/watch?v=5Ee_mW… pic.twitter.com/hu8IYGN5OT