CANCELLED: Software SIG: Secure SDLC – SW Assurance  

Software Assurance: Enabling Enterprise Resilience and Software Supply Chain Risk Management

by: Joe Jarzombek

Tuesday December 20, 2011

 

THIS MEETING HAS BEEN CANCELLED

With today’s global IT software supply chain, project management and software/systems engineering processes must explicitly address security risks posed by exploitable software.  Traditionally, these disciplines have not clearly and directly focused on software security risks that can be passed from projects to the organization.  Software security assurance processes and practices span development and acquisition and can be used to enhance project management and quality assurance activities.  Mr. Jarzombek explains the critical need for adherence to the practices, guidelines, rules, and principles used to build security into every phase of software development.  He addresses how the Common Weakness Enumeration (CWE) provides the characterization of exploitable software constructs, and he discusses why this is needed to advance software security assurance.

Joe Jarzombek addresses Department of Homeland Security (DHS) Cyber Security initiatives focused on mitigating risks attributable to exploitable software and how public/private collaboration is necessary to improve cyber security.  In his role as Director for Software Assurance, Joe leads government interagency public/private collaboration efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, more comprehensive diagnostic capabilities, software security automation, and security-enhanced development and acquisition practices.

 

Joe served in the U.S. Air Force as a Lieutenant Colonel in program management.  After retiring from the Air Force, he worked in the cyber security industry as vice president for product and process engineering.  Joe also served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current DHS position.  The National Cyber Security Division (NCSD) works collaboratively with public, private, and international entities to secure cyberspace and America’s cyber assets.  To protect the cyber infrastructure, NCSD has identified two overarching objectives:

•  To build and maintain an effective national cyberspace response system

•  To implement a cyber-risk management program for the protection of critical infrastructure

 

For details, see the December Software SIG Announcement.

5:30 PM – Networking and Pizza(*)

5:50 – 6:50 PM – Program

(*) There is no cost to attend at McLean and Silver Spring.

Locations:

The presentation will originate at the McLean facility, with video tele-conferencing (VTC) between:

If you can host another location via VTC, please contact Scott Ankrum (below)

TO ATTEND THE MeetingPlace Collaboration CONFERENCE:

1. Go to: http://audioconference.mitre.org/  2. Click on Attend Meeting. If MeetingPlace Collaboration Window does not automatically open, press connect.  3. Dial your telephone to connect to the audio of the meeting.

·         Dial 703-983-6338 (x36338) from the Washington DC region.

·         Dial 781-271-6338 (x16338) from the Bedford, MA region.

Meeting ID: 509509, when prompted.   Meeting Password: 05090509, when prompted.

Visit http://audioconference.mitre.org to test your web browser for compatibility with the web conference. Follow

this link to the browser test link on the page.

Registration:

Registration Website: https://asq509.org/ht/d/DoSurvey/i/26913

 

You must register by noon on Monday, December 19.  If you cannot attend at any location, select telephone dial-in when you register.  To RSVP for FDA (Silver Spring), please indicate citizenship.  If not a US citizen, please provide your title, employer, and address.  Allow 2 business days for registration before the meeting.