The most commonly asked (and infrequently answered) questions faced by application security leaders and CISOs are: "How do we measure this is working? How do we know if the money, time and people we ...