Working Group Session - December 14-16, 2010
Agenda
Presentations from Speakers, Panels, and Tutorials
All presentations are available below by express permission of the presenters.
Day 1 – Tuesday, December 14, 2010
Plenary
Overview of the SwA Working Group Sessions and Status Updates
- Joe Jarzombek, Director, Software Assurance, National Cyber Security Division (NCSD), Department of Homeland Security (DHS)
Room 1
Supply Chain Risk Management
Co-Led by the Acquisition & Outsourcing and Processes & Practices WGs
- NIST IR 7622 Piloting Supply Chain Risk Management Practices for Federal Information Systems – Jon Boyens, National Institute of Standards and Technology (NIST)
- SCRM Related Standards Updates - Don Davidson, Department of Defense (DoD), and Michele Moss, Booz Allen Hamilton (BAH)
SwA Related Standardization Activities
Co-Led by the Acquisition & Outsourcing and Processes & Practices WGs
- ITU SwA Standards - Bob Martin, MITRE
- ISO/IEC 20004: Secure Software Development and Evaluation Under ISO/IEC 15408 and ISO/IEC 18045 - Sean Barnum, MITRE
SwA Program Pocket Guide Review
- SwA Pocket Guide Status – Joe Jarzombek, DHS
- Secure Coding (draft)
- Business Case (outline)
- SwA in Education, Training and Certification (update) - Robin Gandhi, University of Nebraska at Omaha (UNO)
Room 2
Human capital (principals, roles, competences, credentials, skills)
Led by the Workforce Education & Training WG
- WET Pocket Guide Updates - Awareness - Robin Gandhi, UNO
- Reference curriculum – Carol Woody, Software Engineering Institute (SEI)
- Implementation – Linda Laird, Stevens Institute
- Instructional support – Dan Shoemaker, University of Detroit Mercy (UDM)
- International cooperation – Tim Watson, DeMontfort University
- Principles for the Discipline - Carol Woody, SEI, and Dan Shoemaker, UDM
- Identify Types of Positions Proposed Curriculum Qualifies a Student to Handle – Not presented
Malware/MAEC
Led by the Malware WG
- MAEC Update – Penny Chase, MITRE
- MAEC Schema v 1.1 – Ivan Kirillov, MITRE
- OpenIOC – David Ross, Mandiant
Day 2 – Wednesday, December 15, 2010
Room 1
Models and Standards: Getting SwA into Standards
Co-Led by the Measurement and Processes & Practices WGs
- Understanding SwA Processes and Practices Resources: Assurance PRM – Michele Moss, BAH
- Software Security Checklist for Software Supply Chain Risk Management – Ed Wotring, Information Security Solutions (ISS)
- Review of Relevant SwA Work Products – Not presented
Models and Standards: SwA for NIST SP 800-53 & ISO/IEC 27002
Co-Led by the Measurement and Processes & Practices WGs
Models and Standards: SEI Measurement Model
Co-Led by the Measurement and Processes & Practices WGs
- Brief Overview of the Framework Refresher – Nadya Bartol, BAH
- SEI Measurement Project – Carol Woody, SEI
- Relating the Enumerations to the Processes – Michele Moss, BAH
Room 2
Motivation Behind the Cyber Ecosystem Initiative
- Motivation Behind the Cyber Ecosystem Initiative - Joe Jarzombek, DHS
Current SwA Work and the Making Security Measurable/ SCAP Work Fit within and Support the Cyber Ecosystem Concept, and Where There Are Still Gaps
- Current SwA Work and the Making Security Measurable/ SCAP Work Fit within and Support the Cyber Ecosystem Concept, and Where There Are Still Gaps - Bob Martin, MITRE
- Please contact ramartin[at]mitre.org for information on this topic.
Current Status of CWE, CWSS, and the "Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses"
- Current Status of CWE, CWSS, and the "Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses" Pocket Guide and the Plans for the 2011 CWE/SANS Top 25 Most Dangerous Software Errors Effort - You Can Help - Bob Martin and Steve Christey, MITRE
- Please contact ramartin[at]mitre.org for information on this topic.
Tools Output Integration Framework
Integrating/Leveraging Cyber Ecosystem with Current/Future Working Group Efforts
- Integrating/Leveraging Cyber Ecosystem with Current/Future Working Group Efforts - Mike Kass, NIST
Plenary
A Brief History of SwA Measurement and SwA Business Case – Not Presented
Software Quality and Security Measures
Key Performance Indicators
Review of Relevant SwA Work Products – Not Presented
Day 3 – Thursday, December 16, 2010
Plenary
The SwA Marketplace
Federal Network Security Initiatives
National Academies’ Committee on Advancing Software-Intensive Systems Producibility
The Open Group Trusted Technology Provider Framework (TTPF)
Cyber Ecosystem Work Breakdown Structure (WBS)
- Cyber Ecosystem Work Breakdown Structure (WBS) - Joe Jarzombek, DHS, and Don Davidson, DoD
Future Forums
- Future forums - Joe Jarzombek, DHS, Don Davidson, DoD, and Mike Kass, NIST
Stakeholder Outreach Events Review
SwA Products: Next Steps
- What Products Do We Have and What Needs Updating?