Applications underpin customer engagement, but they also are the top external attack method for breaches. To avoid launching efforts that waste time, effort, and money, security leaders need application security metrics that generate insights and help decision-making. Security pros should use this report to define application security metrics that are traceable to business objectives and understand what decisions to make, how to make them, and what the consequences are.