
CANCELLED: Software SIG: Secure SDLC - SW Assurance

Patrick Henry Library, Vienna; FDA Silver Spring; MITRE Bedford MA; MITRE Eatontown; MITRE Aberdeen
Patrick Henry Library, 101 Maple Ave E, Vienna, VA 22180
FDA, Bld 66, room G512, 10903 New Hampshire Avenue, Silver Spring, MD
Various, Maryland

December 20, 2011

Software Assurance: Enabling Enterprise Resilience and Software Supply Chain Risk Management

by: Joe Jarzombek

Tuesday December 20, 2011



With today's global IT software supply chain, project management and software/systems engineering processes must explicitly address security risks posed by exploitable software.  Traditionally, these disciplines have not clearly and directly focused on software security risks that can be passed from projects to the organization.  Software security assurance processes and practices span development and acquisition and can be used to enhance project management and quality assurance activities.  Mr. Jarzombek explains the critical need for adherence to the practices, guidelines, rules, and principles used to build security into every phase of software development.  He addresses how the Common Weakness Enumeration (CWE) provides the characterization of exploitable software constructs, and he discusses why this is needed to advance software security assurance.

Joe Jarzombek addresses Department of Homeland Security (DHS) Cyber Security initiatives focused on mitigating risks attributable to exploitable software and how public/private collaboration is necessary to improve cyber security.  In his role as Director for Software Assurance, Joe leads government interagency public/private collaboration efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, more comprehensive diagnostic capabilities, software security automation, and security-enhanced development and acquisition practices.


Joe served in the U.S. Air Force as a Lieutenant Colonel in program management.  After retiring from the Air Force, he worked in the cyber security industry as vice president for product and process engineering.  Joe also served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current DHS position.  The National Cyber Security Division (NCSD) works collaboratively with public, private, and international entities to secure cyberspace and America's cyber assets.  To protect the cyber infrastructure, NCSD has identified two overarching objectives:

  To build and maintain an effective national cyberspace response system

  To implement a cyber-risk management program for the protection of critical infrastructure


For details, see the December Software SIG Announcement.

5:30 PM - Networking and Pizza(*)

5:50 - 6:50 PM - Program

(*) There is no cost to attend at McLean and Silver Spring.


The presentation will originate at the McLean facility, with video tele-conferencing (VTC) between:

MITRE-2, room 1N100

7515 Colshire Drive

McLean, VA 22102

host: Scott Ankrum

cell: 240-731-7581

FDA, Bld 66, room G512

10903 New Hampshire Ave

Silver Spring, MD 20993
host: James Simpson

cell: 301-996-4976



Your location could be here!

MITRE, room 1M306

202 Burlington Rd (Rt. 62)

Bedford, MA 01730

host: Tim Rice

cell: 978-758-2704

If you can host another location via VTC, please contact Scott Ankrum (below)

TO ATTEND THE MeetingPlace Collaboration CONFERENCE:

1. Go to: http://audioconference.mitre.org/

2. Click on Attend Meeting. If the MeetingPlace Collaboration window does not automatically open, press Connect.

3. Dial your telephone to connect to the audio of the meeting.

         Dial 703-983-6338 (x36338) from the Washington DC region.

         Dial 781-271-6338 (x16338) from the Bedford, MA region.

Meeting ID: 509509, when prompted.   Meeting Password: 05090509, when prompted.

Visit http://audioconference.mitre.org to test your web browser for compatibility with the web conference. Follow the browser test link on the page.


Registration Website: https://asq509.org/ht/d/DoSurvey/i/26913


You must register by noon on Monday, December 19.  If you cannot attend at any location, select telephone dial-in when you register.  To RSVP for FDA (Silver Spring), please indicate citizenship.  If not a US citizen, please provide your title, employer, and address.  Allow 2 business days for registration before the meeting.