Focus on 5 LUCHA metrics :
Legacy, Updates, Compliance, Hardening, Assessment.
Detect and prioritize the remediation of legacy software, unmaintained components, breach of standards compliance, lack of security in depth and software vulnerabilities automatically.
Measure the technical debt of the building blocks of an application. The higher the rating, the more advanced the technology.
Quantify the cost of maintaining software. The metric takes into account how up to date the software is, in addition to its history of vulnerabilities, past and present.
Assess adherence to industry standards and best practices. The higher the rating, the more compliant the software.
Measure how the program implements defense in depth mechanisms to deter generic attack vectors.
Evaluate the security of executable applications by identifying vulnerabilities. Use a custom static analyser on executable programs.