Home > ASQ Washington, DC &... > Events > Events & Networking > Event Archives > CANCELLED: Software SIG:... Printable Version Tell a friend
CANCELLED: Software SIG: Secure SDLC � SW Assurance
Patrick Henry Library, Vienna; FDA Silver Spring; MITRE Bedford MA; MITRE Eatontow; MITRE Aberdeen,
Patrick Henry Library, 101 Maple Ave E, Vienna, VA 22180
FDA, Bld 66, room G512, 10903 New Hampshire Avenue, Silver Spring, MD
December 20, 2011
Software Assurance: Enabling Enterprise Resilience and Software Supply Chain Risk Management
by: Joe Jarzombek
Tuesday December 20, 2011
THIS MEETING HAS BEEN CANCELLED
With today�s global IT software supply chain, project management and software/systems engineering processes must explicitly address security risks posed by exploitable software. Traditionally, these disciplines have not clearly and directly focused on software security risks that can be passed from projects to the organization. Software security assurance processes and practices span development and acquisition and can be used to enhance project management and quality assurance activities. Mr. Jarzombek explains the critical need for adherence to the practices, guidelines, rules, and principles used to build security into every phase of software development. He addresses how the Common Weakness Enumeration (CWE) provides the characterization of exploitable software constructs, and he discusses why this is needed to advance software security assurance.
Joe Jarzombek addresses Department of Homeland Security (DHS) Cyber Security initiatives focused on mitigating risks attributable to exploitable software and how public/private collaboration is necessary to improve cyber security. In his role as Director for Software Assurance, Joe leads government interagency public/private collaboration efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, more comprehensive diagnostic capabilities, software security automation, and security-enhanced development and acquisition practices.
Joe served in the U.S. Air Force as a Lieutenant Colonel in program management. After retiring from the Air Force, he worked in the cyber security industry as vice president for product and process engineering. Joe also served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current DHS position. The National Cyber Security Division (NCSD) works collaboratively with public, private, and international entities to secure cyberspace and America�s cyber assets. To protect the cyber infrastructure, NCSD has identified two overarching objectives:
� To build and maintain an effective national cyberspace response system
� To implement a cyber-risk management program for the protection of critical infrastructure
For details, see the December Software SIG Announcement.
5:30 PM � Networking and Pizza(*)
5:50 � 6:50 PM � Program
(*) There is no cost to attend at McLean and Silver Spring.
The presentation will originate at the McLean facility, with video tele-conferencing (VTC) between:
MITRE-2, room 1N100
7515 Colshire Drive
McLean, VA 22102
host: Scott Ankrum
FDA, Bld 66, room G512
10903 New Hampshire Ave
Silver Spring, MD 20993
could be here!
MITRE, room 1M306
202 Burlington Rd (Rt. 62)
Bedford, MA 01730
host: Tim Rice
If you can host another location via VTC, please contact Scott Ankrum (below)
TO ATTEND THE MeetingPlace Collaboration CONFERENCE:
1. Go to: http://audioconference.mitre.org/ 2. Click on Attend Meeting. If MeetingPlace Collaboration Window does not automatically open, press connect. 3. Dial your telephone to connect to the audio of the meeting.
� Dial 703-983-6338 (x36338) from the Washington DC region.
� Dial 781-271-6338 (x16338) from the Bedford, MA region.
Meeting ID: 509509, when prompted. Meeting Password: 05090509, when prompted.
Visit http://audioconference.mitre.org to test your web browser for compatibility with the web conference. Follow
this link to the browser test link on the page.
Registration Website: https://asq509.org/ht/d/DoSurvey/i/26913
You must register by noon on Monday, December 19. If you cannot attend at any location, select telephone dial-in when you register. To RSVP for FDA (Silver Spring), please indicate citizenship. If not a US citizen, please provide your title, employer, and address. Allow 2 business days for registration before the meeting.