Summit 2011 Working Sessions/Counting and Scoring Application Security Defects