Working Group Session - November 28-December 2, 2011
Agenda
Presentations from Speakers, Panels, and Tutorials
All presentations are available below by express permission of the presenters.
Day 1 – Monday, November 28, 2011
Day 2 – Tuesday, November 29, 2011
Day 3 – Wednesday, November 30, 2011
Day 4 – Thursday, December 1, 2011
Day 5 – Friday, December 2, 2011
Day 1 – Monday, November 28, 2011
Workshop on the Future of Global Vulnerability Identification and Reporting
- The Future of Global Vulnerability Identification and Reporting – Richard Struse, Department of Homeland Security (DHS) and Thomas Millar, United States Computer Emergency Readiness Team (US-CERT)
- Common Vulnerabilities and Exposures (CVE) Futures - IT Security Automation Conference (ITSAC) Future of Vulnerability Reporting Continuation – Kent Landfield, McAfee
Day 2 – Tuesday, November 29, 2011
Understanding the Value Software Supply Chain Standards Provide to the Software Assurance (SwA) Stakeholder Communities - Industry Supply Chain Processes for Outsourcing
- Industry Supply Chain Processes for Outsourcing Panel – Don Davidson, Department of Defense – Chief Information Office (DoD-CIO)
- University of Maryland University College Landscape Study – Hart Rossman, SAIC
- ISO/IEC 27036, Information Security for Supplier Relationships – Summary and Update – Nadya Bartol, Booz Allen Hamilton (BAH)
- Open Trusted Technology Provider Framework (O-TTPF) Standard – Sally Long, The Open Group
Understanding the Value Software Supply Chain Standards Provide to the SwA Stakeholder Communities - Product and Service Verification and Certification Standards
- Facilitator – Michele Moss, BAH
- ISO/IEC 15026, Systems and Software Assurance – Jim Moore, MITRE
- ISO/IEC 29119, Systems and Software Engineering — Software Testing – Susan Burgess, Keane
- International Aspects of Common Criteria – Fiona Pattinson, @Sec
- Software Supply Chain Practices – Joe Jarzombek, DHS
Research and Development Needs for SwA
- Priority Research and Development (R&D) Topics for High Assurance – Joe Jarzombek, DHS
- Federal R&D Landscape and DHS S&T – Edward Rhyne, DHS
Co-Chair Planning Session
- Outreach and SwA Messaging – Michele Moss, BAH
Day 3 – Wednesday, November 30, 2011
Inserting SwA Practices into Organizational Policies and Processes
Recent Contract Language and the Due Diligence Pocket Guide
- Michele Moss, BAH
- Thresa Lang, Dell
Co-Chair Planning Session
- Stakeholders’ View of SwA Resources – Joe Jarzombek, DHS
- Updates on Pocket Guides - Requirements Analysis, Architecture and Design, and Secure Coding – Joe Jarzombek, DHS
Day 4 – Thursday, December 1, 2011
Workforce Education and Training Presentation
- Facilitator – Nancy Mead, Software Engineering Institute (SEI)
- Introduction to the NICE Cybersecurity Workforce Framework – Peggy Maxson, DHS
- Software Security Dependability Resilience Initiative (SSDRI) – Ian Bryant, United Kingdom Ministry of Defence (UK MoD)
- Thresa Lang, Dell
- Roy Burgess, DHS
Integrating Quality and Security Across Application Development
- Open Source in Application Development – Brian Fox, Sonatype
- Software Code Quality Checking (SCQC) – John Keane, Military Health System
DHS SwA Input to the 2012 FISMA Reporting Metrics
- Draft Software Assurance Questions in the 2012 FISMA Reporting Metrics – Joe Jarzombek, DHS
Day 5 – Friday, December 2, 2011
SwA Methods in Support of Cyber Security
- Mission Thread Analysis – Carol Woody, SEI
- Supply Chain Risk Management – Carol Woody, SEI
- Security Requirements Engineering and SQUARE Overview – Nancy Mead, SEI
- Risk-Based Measurement and Analysis: Application to Software Security – Nancy Mead, SEI
Proposed Certification of Security Testers
- Taz Daugherty, Quanterion Solutions
Software Fault Patterns: Towards Formal Compliance Points for CWE
Building a CWE Compatibility Effectiveness Testing Program
- Paul Black, National Institute of Standards and Technology (NIST)
CWE Compatibility Effectiveness and the CWE Coverage Claims Representation