Understanding How They Attack Your Weaknesses: CAPEC
Sean Barnum is a Software Assurance Principal at The MITRE Corporation, where he acts as a thought leader and senior advisor on software assurance and cyber security topics to a wide variety of government sponsors throughout the national security, intelligence community and civil domains. He has over 24 years of experience in the software industry in the areas of development, software quality assurance, quality management, process architecture & improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional and national software security and software quality publications, conferences & events. He is very active in the software assurance community and is involved in numerous knowledge standards-defining efforts, including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), the Software Assurance Findings Expression Schema (SAFES), the Malware Attribute Enumeration and Characterization (MAEC) and other elements of the Software Assurance Programs of the Department of Homeland Security, Department of Defense and NIST. He is coauthor of the book "Software Security Engineering: A Guide for Project Managers", published by Addison-Wesley. He serves as the official liaison between ISO/IEC JTC 1/SC 27/WG 3 and the Cyber-Security Naming & Information Structures Group. He also acted as the lead technical subject matter expert for the design and implementation of the Air Force Application Software Assurance Center of Excellence (ASACoE).