Software security means that applications "behave as expected" - even under potentially malicious external influences. In regards to the security of software, many executives fear consequences from exposures and vulnerabilities, but are not able to make clear, justified decisions regarding measurements of security levels. Often, the result is applications that expose critical information and processes or expenditures of huge amounts of money in protection technology that does not solve the problem. In this talk, Sachar Paulus will examine the relationship between quality and security. Address the questions: Why measure software security? How can we measure software security? And what tools and frameworks are available to help? Mr. Paulus will also explain approaches towards a state of measurable software security that enable business owners to make informed decisions about software security choices.