Working Group Session - June 21-23, 2010
June Working Group Accomplishments and Outputs Planned for September
Agenda
Presentations from Speakers, Panels, and Tutorials
All presentations are available below by express permission of the presenters.
Day 1 – Monday, June 21, 2010
Plenary Overview of the SwA Working Group Sessions and Status Updates
Government Initiatives / Deliverables Related to Software Assurance and Supply Chain Risk Management
- Joe Jarzombek, DHS
- Don Davidson, Globalization Task Force, OASD(NII)/DoD CIO, Department of Defense (DoD)
- Mike Kass, Information Technology Laboratory, National Institute of Standards and Technology (NIST), Department of Commerce
- Denise Peake, National Security Agency (NSA), DoD
NIST's Vision for Software Assurance (SwA).
Room 1
SwA Automation Protocol (CWE, CAPEC, MAEC)
Co-Led by Technology, Tools and Product Evaluation WG and the Malware WG
- CWE Version 1.9 Status Update—Conor Harris, MITRE
- CAPEC Status Update—Sean Barnum, MITRE
- MAEC—Penny Chase, MITRE
SCAP and SwA Automation Protocol
Co-Led by Technology, Tools and Product Evaluation WG and the Malware WG
Room 2
Methods and Content to Develop and Adopt SwA Curriculum and Continuing Education
Co-Led by the Workforce Education & Training WG and the Process & Practices WG
- Computer Related Degree Programs—Dan Shoemaker
- DHS Master of Software Assurance Curriculum Project—Rick Linger, SEI CMU
- Stevens School of Systems and Enterprises Curriculum—Linda Laird, Stevens Institute
Methods and Content to Develop and Adopt SwA Curriculum and Continuing Education
Co-Led by the Workforce Education & Training WG and the Process & Practices WG
- VTE – Information Assurance—Erin Czerwinski, SEI CMU
- SwA WET Pocket Guide—Robin Gandhi, University of Nebraska
Day 2 – Tuesday, June 22, 2010
Room 1
Understanding Product Characteristics throughout the SDLC
Co-Led by Technology, Tools and Product Evaluation WG and the Process and Practices WG
- Where the Rubber Meets the Code – Static Code Analysis for Software Assurance in the Acquisition Life Cycle—Paul Croll, CSC
- Naval Ordnance Safety & Security Activity Software Security Assessment Tools Review—Ted Winograd, Booz Allen Hamilton
Understanding Product Characteristics throughout the SDLC
Co-Led by Technology, Tools and Product Evaluation WG and the Process and Practices WG
- Updates to Software Security Testing Guide—Joe Mazzon, SRA
- Understanding Product Characteristics Throughout the SDLC—Mike Kass, NIST
Room 2
Developing Phase 2 for FSTC SwA Initiative
Co-Led by Acquisition and Outsourcing WG and Measurement WG with the Financial Services Technology Consortium (FSTC)
Making the Business Case for SwA
Co-Led by Acquisition and Outsourcing WG and Measurement WG with the Financial Services Technology Consortium (FSTC)
Plenary
Understanding SwA Supply and Demand (Development)
Understanding SwA Supply and Demand (Acquisition)
- Counterfeit Parts - Responding Via the Procurement Process—Craig Webster, LMI
- GSA Initiatives—Sharon Terango, GSA
Day 3 – Wednesday, June 23, 2010
Plenary
Session Outbriefs
- Technology, Tools and Product Evaluation WG and Malware WG outbrief – Mike Kass
- Technology, Tools & Product Evaluation WG and Process & Practices WG – Michele Moss
- Acquisition and Outsourcing WG and Measurement WG outbrief – Don Davidson
- Measurement WG and the Process and Practices WG – Michele Moss
- Workforce Education and Training WG and the Process and Practices WG outbrief – Carol Woody and Dan Shoemaker
Panel: Emerging SwA and SCRM Efforts
- Nadya Bartol, Booz Allen Hamilton and Rama Moorthy, Hatha Systems, NIST Inter-Agency Report #7622: Supply Chain Risk Management Practices for Federal Information Systems
- Arnold Johnson, Security Management & Assurance, NIST, The Vision for SwA Guidance