

Software Special Interest Group Meeting
Where
Patrick Henry Library, Vienna; FDA Silver Spring; MITRE Bedford MA; MITRE Eatontow; MITRE Aberdeen,
Patrick Henry Library, 101 Maple Ave E, Vienna, VA 22180
FDA, Bld 66, room G512, 10903 New Hampshire Avenue, Silver Spring, MD
Various, Maryland
703-983-6127
When
Feb 21, 2012
6:00 pm - 6:00 pm
Understanding How the Bad Guys Attack Your Software: CAPEC
by: Sean Barnum
Tuesday February 21, 2012
Security is quickly becoming a primary concern in the development of software today and security knowledge will increasingly become a required arrow in the software developer's quiver. By learning to think more like attackers, we gain a better understanding of how to defeat their methods. The Common Attack Pattern Enumeration and Classification (CAPEC™) initiative is a community-driven software security effort to create a publicly available catalog of attack patterns. At the core of CAPEC is the concept of an "Attack Pattern," a powerful mechanism for capturing and codifying various approaches to cyber attack including the detailed action-oriented attack execution flow, the capability and motivation of the attacker, the context within which the attack is possible, the weaknesses being targeted by the attack, characterization of the typical impact of a successful attack, and recommended mitigations to prevent or decrease the impact of the attack. This talk will serve as an overview of the CAPEC project to date and discuss some of the various use cases for CAPEC in software development, testing, architecture analysis, and secure operations.
he acts as a thought leader and senior advisor on software assurance and cyber security topics to a wide variety of US government sponsors throughout the national security, intelligence community and civil domains. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture & improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional, national and international cyber security and software quality publications, conferences & events. He is very active in the Cyber Security community and is involved in numerous knowledge standards-defining efforts including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), the Software Assurance Findings Expression Schema (SAFES), the Malware Attribute Enumeration and Characterization (MAEC), the Cyber Observables eXpression (CybOX) and other elements of the Cyber Security Programs of the Department of Homeland Security, Department of Defense and NIST. He is coauthor of the book “Software Security Engineering: A Guide for Project Managers”, published by Addison-Wesley. He serves as the official liaison between ISO/IEC JTC 1/SC 27/WG 3 and the Cyber-Security Naming & Information Structures Group. He also acted as the lead technical subject matter expert for design and implementation of the Air Force Application Software Assurance Center of Excellence (ASACoE).
February, 2012 Software SIG Announcement flyer
5:30 PM – Networking and Pizza(*)
5:50 – 6:50 PM – Program
(*) There is no cost to attend at McLean and Silver Spring.
Locations:
The presentation will originate at the McLean facility, with video tele-conferencing (VTC) between:
MITRE-2, room 1N100, 7515 Colshire Drive, McLean, VA 22102; host: Scott Ankrum, cell: 240-731-7581
FDA, Bld 66, room G512, 10903 New Hampshire Ave, Silver Spring, MD 20993; cell: 301-996-4976
MITRE, room 1M306, 202 Burlington Rd (Rt. 62), Bedford, MA 01730; host: Tim Rice, cell: 978-758-2704
Your location could be here!
If you can host another location via VTC, please contact Scott Ankrum (below)
TO ATTEND THE MeetingPlace Collaboration CONFERENCE:
1. Go to: http://audioconference.mitre.org/
2. Click on Attend Meeting. If MeetingPlace Collaboration Window does not automatically open, press connect.
3. Dial your telephone to connect to the audio of the meeting.
· Dial 703-983-6338 (x36338) from the Washington DC region.
· Dial 781-271-6338 (x16338) from the Bedford, MA region.
Meeting ID: 509509, when prompted. Meeting Password: 05090509, when prompted.
Visit http://audioconference.mitre.org to test your web browser for compatibility with the web conference. Follow this link to the browser test link on the page.
Registration:
Registration Website: http://www.asq509.org/ht/d/DoSurvey/i/26913
You must register by noon on Monday, February 20. If you cannot attend at any location, select telephone dial-in when you register. To RSVP for FDA (Silver Spring), please indicate citizenship. If not a US citizen, please provide your title, employer, and address. Allow 2 business days for registration before the meeting.