In this presentation I will discuss how the Library of Congress has implemented their Secure Software Development program. I will discuss the need for a Secure Software Development Program and the steps that have been taken as well as planned activities for the future of the Libraries Secure Software Development Program. The benefits of automated and manual code review will be discussed as well as specific examples of the Libraries implementation. Developer training will be discussed and the need for security groups to work with developers staffs in the issuance of useful practical guidance and best practices and not just high level directives that are not seen as useful.
Speaker bio will be posted shortly.