
Software Special Interest Group Meeting  

Patrick Henry Library, Vienna; FDA Silver Spring; MITRE Bedford MA; MITRE Eatontown; MITRE Aberdeen,
Patrick Henry Library, 101 Maple Ave E, Vienna, VA 22180
FDA, Bld 66, room G512, 10903 New Hampshire Avenue, Silver Spring, MD
Various, Maryland

Feb 21, 2012    5:30 pm - 6:50 pm

Understanding How the Bad Guys Attack Your Software: CAPEC

by: Sean Barnum

Tuesday February 21, 2012

Security is quickly becoming a primary concern in software development, and security knowledge will increasingly be a required arrow in the software developer's quiver. By learning to think more like attackers, we gain a better understanding of how to defeat their methods. The Common Attack Pattern Enumeration and Classification (CAPEC™) initiative is a community-driven software security effort to create a publicly available catalog of attack patterns. At the core of CAPEC is the concept of an "Attack Pattern," a mechanism for capturing and codifying an approach to cyber attack: the detailed, action-oriented attack execution flow; the capability and motivation of the attacker; the context within which the attack is possible; the weaknesses being targeted by the attack; a characterization of the typical impact of a successful attack; and recommended mitigations to prevent the attack or reduce its impact. This talk will give an overview of the CAPEC project to date and discuss use cases for CAPEC in software development, testing, architecture analysis, and secure operations.

Sean Barnum is a Cyber Security Principal at The MITRE Corporation, where he acts as a thought leader and senior advisor on software assurance and cyber security topics to a wide variety of US government sponsors across the national security, intelligence community and civil domains. He has over 25 years of experience in the software industry in the areas of architecture, development, software quality assurance, quality management, process architecture and improvement, knowledge management and security. He is a frequent contributor, speaker and trainer for regional, national and international cyber security and software quality publications, conferences and events. He is very active in the cyber security community and is involved in numerous knowledge standards-defining efforts, including the Common Weakness Enumeration (CWE), the Common Attack Pattern Enumeration and Classification (CAPEC), the Software Assurance Findings Expression Schema (SAFES), the Malware Attribute Enumeration and Characterization (MAEC), the Cyber Observables eXpression (CybOX) and other elements of the cyber security programs of the Department of Homeland Security, Department of Defense and NIST. He is coauthor of the book "Software Security Engineering: A Guide for Project Managers", published by Addison-Wesley. He serves as the official liaison between ISO/IEC JTC 1/SC 27/WG 3 and the Cyber-Security Naming & Information Structures Group. He also acted as the lead technical subject matter expert for the design and implementation of the Air Force Application Software Assurance Center of Excellence (ASACoE).


February, 2012 Software SIG Announcement flyer

5:30 PM - Networking and Pizza(*)

5:50 - 6:50 PM - Program

(*) There is no cost to attend at McLean and Silver Spring.


The presentation will originate at the McLean facility, with video tele-conferencing (VTC) between:

MITRE-2, room 1N100

7515 Colshire Drive

McLean, VA 22102

host: Scott Ankrum

cell: 240-731-7581

FDA, Bld 66, room G512

10903 New Hampshire Ave

Silver Spring, MD 20993

host: James Simpson

cell: 301-996-4976

Your location

could be here!

MITRE, room 1M306

202 Burlington Rd (Rt. 62)

Bedford, MA 01730

host: Tim Rice

cell: 978-758-2704

If you can host another location via VTC, please contact Scott Ankrum (above).

TO ATTEND THE MeetingPlace Collaboration CONFERENCE:

1. Go to: http://audioconference.mitre.org/

2. Click on Attend Meeting. If the MeetingPlace Collaboration Window does not open automatically, press Connect.

3. Dial in by telephone to connect to the audio of the meeting.

Dial 703-983-6338 (x36338) from the Washington DC region.

Dial 781-271-6338 (x16338) from the Bedford, MA region.

Meeting ID: 509509, when prompted. Meeting Password: 05090509, when prompted.

Visit http://audioconference.mitre.org to test your web browser for compatibility with the web conference; follow the browser test link on that page.


Registration Website: https://asq509.org/ht/d/DoSurvey/i/26913

You must register by noon on Monday, February 20. If you cannot attend at any location, select telephone dial-in when you register. To RSVP for FDA (Silver Spring), please indicate your citizenship; if you are not a US citizen, please also provide your title, employer, and address. Allow 2 business days for registration before the meeting.