Difference between revisions of "OWASP AppSec DC 2012/What can an Acquirer do to prevent developers from make dangerous software errors"

(Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightTodays technology enabled environment has an e...")
 
Line 2: Line 2:
 
__NOTOC__
 
__NOTOC__
 
== The Presentation  ==
 
== The Presentation  ==
[[Image:Owasp_logo_normal.jpg|right]]Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.
+
Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.
 
== The Speakers  ==
 
== The Speakers  ==
Michele Moss and Don Davidson
+
<table>
 +
<tr>
 +
<td>
 +
===Don Davidson===
 +
[[Image:Owasp_logo_normal.jpg|left]]Bio TBA
 +
</td>
 +
</tr>
 +
<tr>
 +
<td>
 +
===Michele Moss===
 +
[[Image:Owasp_logo_normal.jpg|left]]Bio TBA
 +
</td>
 +
</tr>
 +
</table>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
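Review bot: the abstract paragraph on the added line still carries "Todays technology enabled environment" and "from the a diverse group"; since this revision already rewrites that line to drop the [[Image:Owasp_logo_normal.jpg|right]] prefix, correct both to "Today's technology-enabled environment" and "from a diverse group" in the same edit. In the new speaker table, each cell pairs "Bio TBA" with [[Image:Owasp_logo_normal.jpg|left]], so the OWASP logo stands in as the picture for both Don Davidson and Michele Moss; leave the image out until real bios and photos are available. The plain line "Michele Moss and Don Davidson" is replaced by the table, which lists the speakers in the opposite order, so confirm the intended billing order.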

Revision as of 20:04, 11 March 2012


The Presentation

Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.

The Speakers

Don Davidson

Bio TBA

Michele Moss

Bio TBA
