FROC2010 Abstract Goldschmidt
The Presentation: "Fundamental Practices and Tools to Implement a Security Development Lifecycle"
Implementing an effective security development lifecycle program is both a costly and arduous endeavor. During this presentation, we'll demonstrate how it is possible to lower the costs associated with such a program by taking advantage of high-quality tools freely available on the internet, as well as the fundamental practices employed by technology giants such as EMC, Juniper, Oracle, Microsoft, Symantec, Nokia and SAP (members of SAFECode.org).
List of subjects discussed during this presentation:
• Introduction
  o What is SAFECode?
  o Who are the members of SAFECode?
  o What does SAFECode do?
  o How does SAFECode differ from SAMM and BSIMM?
• Why implement a Security Development Lifecycle program?
• The Security Development Lifecycle
  o Description of each phase and the activities that must be accomplished
  o Differences between the approaches taken by various SAFECode members
  o My personal experience leading the implementation of Symantec's SDL program
  o Free tools that can be readily applied in each phase of the Security Development Lifecycle, with an emphasis on OWASP tools
• Analysis of which phase should be implemented first, and why
• Final thoughts
The Speaker: Cassio Goldschmidt
Cassio Goldschmidt is senior manager of the product security team under the Office of the CTO at Symantec Corporation. In this role he leads efforts across the company to ensure the secure development of software products. His responsibilities include managing Symantec's internal secure software development process, training, threat modeling, penetration testing and vulnerability management. Cassio's background includes over 14 years of technical and managerial experience in the software industry. During the eight years he has been with Symantec, he has helped to architect, design and develop several top-selling product releases, conducted numerous security classes, and coordinated various penetration tests. Cassio is also known for leading the OWASP chapter in Los Angeles and is a frequent speaker at security conferences worldwide.
Cassio represents Symantec on the SAFECode technical committee and works with (ISC)2 on the development of the CSSLP certification. He holds a bachelor's degree in computer science from Pontificia Universidade Catolica do Rio Grande Do Sul, a master's degree in software engineering from Santa Clara University, and a master's of business administration from the University of Southern California.