Keynote Presentation: Expecting Secure, High-Quality Software: Using High Assurance Test Regimes in Mitigating Risks

As the cyber landscape evolves and external dependencies grow more complex, managing the risks attributable to exploitable software requires security and quality requirements backed by 'sufficient' test regimes throughout the software supply chain. The Internet of Things (IoT) is driving a massive proliferation of software-reliant, connected devices of many types throughout critical infrastructure. With IoT increasingly dependent upon third-party software, software composition analysis and other forms of testing are used to determine the 'fitness for use' and trustworthiness of assets. Standards for measuring and sharing information about software security and quality are used in tools and services that detect weaknesses and vulnerabilities. Test and certification programs provide means that organizations can use to reduce risk exposures attributable to exploitable software. Ultimately, addressing software supply chain dependencies and leveraging high assurance test regimes enables enterprises to provide more responsive mitigations.

Learning Objectives

  • External dependencies contribute risks in the form of technical debt throughout the software supply chain
  • Standards can be used to convey expectations and measure software security and quality
  • Software composition analysis, static code analysis, fuzzing, and other forms of testing can be used to identify weaknesses and vulnerabilities that represent vectors for attack and exploitation
  • Testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software

Location: Guggenheim Ballroom
Date: May 16, 2019
Time: 8:30 am - 9:30 am
Speaker: Joe Jarzombek