Empower your organization with the Secure Code Warrior® Trust Score – the industry’s first solution that measures the strength of your secure code learning program by providing insight into the security posture of your developers, teams, and organization.
SCW Trust Score provides organizations with a data-driven measurement of the effectiveness of their security program by aggregating individual developer security status as they use Secure Code Warrior.
We leverage over 20 million learning data points from over 600 companies and over 250,000 developers to help measure your security posture in the context of peers, competition, and global organizations.
Trust Score Insights Report
Where can I find the report?
The SCW Trust Score Insights report can be found in the Metrics menu in the top navigation panel.
How often is the report updated?
The SCW Trust Score Insights report is updated on a weekly basis at the start of the week.
Who can view the report?
Only company administrators can currently view the report.
How does the "Insights within the ... industry" section work?
This is where you can see how your company is performing compared to other companies in the same industry. We want to make it simple for you to understand where your company stands. Currently, we offer three different benchmarks:
- Global benchmark
  - This includes all companies, regardless of their industry.
- Technology benchmark
  - This is specifically for companies in the technology industry.
- Banking & Financial Services benchmark
  - This is specifically for companies in the banking and financial services sector.
When you first signed up, your company was assigned to one of these benchmarks based on the industry you are in. So, if you're a technology company, you'll automatically be placed in the Technology Benchmark. If you believe your company should be assigned to a different benchmark, please contact our support team.
What does the ‘percentile’ tile in the "Insights within the ... industry" section mean?
The percentile tells you how your company's score compares to other companies in the same benchmark.
For example, let's say your company is in the Technology Benchmark. If your company's score is in the 75th percentile, it means your score is higher than 75% of the other companies in the Technology Benchmark.
What does the ‘industry rank’ tile in the "Insights within the ... industry" section mean?
In addition to the percentile, this section also provides your company's industry rank. This rank shows your company's position relative to other companies within your specific industry benchmark.
The industry rank is determined by ordering all companies in your benchmark from the highest score to the lowest. The company with the highest score is ranked number 1, the second-highest is ranked number 2, and so on.
How does the "Insights within your company" section work?
Your company's overall SCW Trust Score is calculated by combining all of your learners' individual skill levels. This section shows you how your learners' skill levels are distributed. Skill levels range from 0 to 1000.
The graph is divided into skill level ranges, like 0-100, 101-200, and so on. Each range has a bar that shows how many learners have skill levels in that range. Taller bars mean more learners in that skill level range, while shorter bars mean fewer learners in that range. By comparing the bar heights, you can easily see which skill levels are most common among your learners and understand the overall skill level distribution in your company.
Trust Score Algorithm
How does the Trust Algorithm work?
The Trust Score algorithm considers your learners and all learning activities they have completed in the last two (2) years on our platform. Each learner is analyzed and assigned a skill level based on breadth, depth, and how recently they have built secure coding skills on our platform. All of your learners' skill levels are combined by the algorithm to calculate your overall company Trust Score.
- Breadth is assessed based on how much of the relevant security standard (e.g. OWASP Top 10 for Web) the learner has covered. Each learner is assigned the relevant security standard based on the activities they complete on our platform. For example, a learner who completes a lot of Java Spring API activities might be categorized as a Backend developer. Therefore, the algorithm uses concepts/vulnerabilities covered in OWASP Top 10 for API to assess breadth of knowledge.
- Depth is assessed based on the range of activities completed to learn about a specific concept/vulnerability. For example, only covering a vulnerability with a video would be considered cursory exploration of that concept. On the other hand, covering a concept through interactive activities such as our challenges, missions, and coding labs would be considered as deep exploration of the relevant concept/vulnerability.
- Recency of learning is another core component of the algorithm. The algorithm considers how recently each learning activity was completed, as this can impact knowledge retention. Over time, learners may experience knowledge decay if they don't regularly refresh and maintain their secure coding skills on our platform. This knowledge decay also impacts a learner's skill level.
- Other signals taken into consideration by the algorithm are things like hint usage and number of attempts required to complete an activity. These are used as indicators of comprehension by the algorithm when calculating a learner's skill level.
Which of my learners are included in the Trust Score algorithm?
The Trust Score currently only takes enabled users into account.
Disabled or deleted users are not considered by the algorithm.
How do new learners contribute to my Trust Score?
When new learners join our platform, we gradually include their skill levels in the company SCW Trust Score calculation. This helps prevent big changes in the Trust Score when many new learners are added at once.
A learner's contribution to your company's SCW Trust Score reaches 100% when either the grace period ends (after 180 days) or they achieve a skill level of 200 or higher.
Here are some examples:
- Learner registered 365 days ago and achieved a skill level of 0
  - Company Trust Score contribution: 100% since the onboarding grace period of 180 days has elapsed.
- Learner registered 90 days ago and achieved a skill level of 50
  - Company Trust Score contribution: 50% since the learner is half-way through their onboarding grace period.