Wednesday, April 6 - 4:15 p.m.
Software Assurance: Enabling Quality Assurance to Better Address Software Security and Resilience
With today’s global IT software supply chain, project management, software, and systems engineering processes must explicitly address security risks posed by exploitable software. Traditionally, these disciplines have not clearly and directly focused on software security risks that can be passed from projects into the organization. Software security assurance processes and practices span development and acquisition and can be used to enhance project management and quality assurance activities. The panel will address the critical need for adherence to the practices, guidelines, rules, and principles used to build security and resilience into every phase of the software lifecycle.
- Learn about The Software Assurance Forum, co-sponsored by the Department of Homeland Security, Department of Defense (DoD), and the National Institute for Standards and Technology (NIST).
- Discover how through the use of security-related standards, the qualification and certification of software products can now include assertions about security and resiliency.
- Hear about free resources that are available to assist in managing outsourcing, procurement, and development activities to better focus on security and resiliency.
About the Moderator...
Director of Software Assurance
National Cyber Security Division, Department of Homeland Security
In his role as Director for Software Assurance, Joe Jarzombek leads government interagency public/private collaboration efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, more comprehensive diagnostic capabilities, software security automation, and security-enhanced development and acquisition practices. Joe served in the U.S. Air Force as a Lieutenant Colonel in program management. After retiring from the Air Force, he worked in the cyber security industry as vice president for product and process engineering. Joe also served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current DHS position. In his role as Director of Software Assurance, Joe addresses DHS Cyber Security initiatives focused on mitigating risks attributable to exploitable software and how public/private collaboration is necessary to improve cyber security. Joe speaks to the relevance of software security assurance in reducing organizational risk exposure.
About the Panelists...
Rafal Los is the Web Application Security Evangelist for the HP Software & Solutions business at Hewlett-Packard. Rafal is responsible for bridging gaps between security technologies and business needs. He also focuses on demonstrating business value from risk reduction through measurable gains in enterprise web application security solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Rafal is a frequent speaker at security conferences and quality events. He contributes regularly to organizations such as the Open Web Application Security Project (OWASP) and others promoting education, openness and standards.
Robert Martin is a Principal Engineer at MITRE, a company that works in partnership with the government to address issues of critical national importance. For the past 18 years, Robert's efforts have focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on the CVE, OVAL, CAPEC and CWE security standards initiatives in addition to basic quality measurement and management. Robert is a frequent speaker on the various security and quality issues surrounding information technology systems and has published numerous papers on these topics. Robert holds a BS and MS in Electrical Engineering, and an MBA from Babson College.
Matt Moynahan is chief executive officer of Veracode. Under his leadership, Veracode is providing the world's first SaaS-based application risk management solution empowering organizations to implement a global, ubiquitous risk management strategy from the C-level suite to the developer's desktop. Matt's career has spanned the spectrum of application security roles, from his early experience in capital markets at Goldman Sachs, to leading the $2 billion Consumer Products and Solutions division at Symantec. Today, Matt is recognized as an emerging leader in the technology industry and was recently named an Ernst & Young Entrepreneur of the Year award finalist.
Back to top