U.S. Department of Homeland Security

Software Assurance

14th Semi-Annual Software Assurance Forum - February 28-March 4, 2011

Presentations from Speakers, Panels, and Tutorials

All presentations are available below by express permission of the presenters.

Day 1 – Monday, February 28, 2011

Tutorials

Enterprise Cybersecurity Ecosystem
The Cybersecurity Ecosystem & Making Security Measurable
Supporting Training & Education and Software Security Engineering
Training & Software Security Engineering: CWE
The Cybersecurity Ecosystem SCAP, SwAAP, et al.
Standards Activities
CWSS Domains and Archetypes
Robert A. Martin, MITRE

Understanding How They Attack Your Weaknesses: CAPEC
Supporting Secure Software Acquisition and Software Assurance Analysis
Supporting Secure Software Operations
Sean Barnum, MITRE

Common Weakness Scoring System (CWSS)
Steve Christey, MITRE

Emerging Threats in Mobile Computing
Adam Meyers, SRA

Security of Medical Device Applications
Dennis Seymore, Ellumen

2011 Global Security Statistics and Trends
Charles Henderson, SpiderLabs at Trustwave

Day 2 – Tuesday, March 1, 2011

Overview of NIST Information Technology Laboratory
James St. Pierre, NIST

Rugged Software – One Year Later
Joshua Corman, The 451 Group

Software Assurance Forum for Excellence in Code (SAFECode)
Stacy Simpson, SAFECode

Panel: Identify synergies between SwA/SCRM and Cyber Workforce Transformation
Dan Shoemaker, University of Detroit Mercy – Panel Facilitator
Ernest McDuffie, NIST
Lance Kelson, DoI
Brenda Oldfield, DHS
Susan Hansche, Avaya

Understanding Challenges Presented to Industry in Outsourcing (HW and SW)
Don Davidson, DoD

Cyber Supply Chain Security and Software Assurance
Jon Oltsik, Enterprise Strategy Group

The IT Supply Chain: Research on Industry Perspectives
Sandy Boysen, University of Maryland

Software Supply Chain Risk Management: From Products to Systems of Systems
Carol Woody, Software Engineering Institute

Critical Code Model for Preventative and Supply Chain Issues
Bill Scherlis, Carnegie Mellon University

Mobile Applications and Application Framework Security
Dan Cornell, Denim Group

Cracking the Code on the Mobile Software Supply Chain
David Maxwell, Coverity

Cloud Security in the Federal Sector: FedRAMP (Federal Risk and Authorization Management Program)
Rex Booth, Grant Thornton

Life in the Cloud, a Service Provider’s View
Mike Smith, Akamai

Day 3 – Wednesday, March 2, 2011

Introduction of Government Efforts with SwA Equities
White House Led IPC on Cybersecurity Standardization
DoD Countering Counterfeits Tiger Team (C2T2)

Don Davidson, DoD

Addressing Federal Agencies’ Engagement in Standards
Ajit Jillavenkatesa, NIST

Intellectual Property Enforcement Coordinator (IPEC)
Mike Powers, NASA

Global Community’s Response to ICT Supply Chain Risk Challenge
Software Asset Management
Larry Wagoner, NSA

Piloting Supply Chain Risk Management Practices for Federal Information Systems
Jon Boyens, NIST

ICT SCRM – ISO Standards Update
Nadya Bartol, Booz Allen Hamilton

Open Trusted Technology Forum Overview (OTTF)
Andras Szakal, The Open Group

Business Risks of Insecure Software in the Cloud
Andrew Murren, Deloitte & Touche

Business Risk Management
Joshua Stabiner, Ernst and Young

Strategies for Securing the Enterprise
Paul Croll, CSC

Panel: Advanced Persistent Threat
Michele Moss, Booz Allen Hamilton – Panel Facilitator
Rick Doten, Lockheed Martin
Ryan Kazanciyan, Mandiant
Sean Barnum, MITRE

Panel: SwA and the Technology Stack
Michele Moss, Booz Allen Hamilton – Panel Facilitator
Thresa Lang, Dell
Steve Adegbite, Adobe
Greg Piper, Intel
Ben Calloni, Lockheed Martin

Day 4 – Thursday, March 3, 2011

Public-Private Partnerships
Bob Dix, PCIS

OMG: Not Your Father’s CORBA Organization Any Longer
Ben Calloni, Lockheed Martin

Licensing Software Engineers
Phil Laplante, PSU

CSSLP
Hart Rossman, SAIC on behalf of (ISC)2 Application Security Advisory Board

The Information Security Forum
Greg Nowak, PWC

ITU/CYBEX (CWE)
Bob Martin, MITRE

CWSS: Using CWE to Provide Consistent Measures for Prioritizing Risk Mitigation Efforts
Joe Jarzombek, DHS

CWE Coverage Claims Schema
Richard Struse, DHS

Software Labeling
Paul Black, NIST

National Defense Industrial Association (NDIA)
Dave Chesebrough, AFEI/NDIA

Panel: Working Group Co-chairs
Processes and Practices
Michele Moss, Booz Allen Hamilton

Acquisition and Outsourcing
Don Davidson, DoD

Workforce Education and Training
Carol Woody, SEI

Measurement
Bob Martin, MITRE

Technology, Tools and Product Evaluation Working Group
Mike Kass, NIST

Malware
Penny Chase, MITRE

SwA Program
Joe Jarzombek, DHS

Day 5 – Friday, March 4, 2011

Tutorials

Trusted Software Development
Ben Calloni, Lockheed Martin

Smart Phones with Dumb Apps: Security for Mobile Applications
Dan Cornell, Denim Group

Lost in Translation: Understanding the Hacker Mindset in Application Security
Paul Nguyen and Ryan Stinson, Knowledge Consulting Group