Special Conference Session
Mitigating Software Supply Chain Risks:
Security-Enhanced Quality Assurance, Software Testing, and Project Management
October 4, 2010 - Maritime Institute, Baltimore, MD
The QAI/QAAM conference, in collaboration with the Software Assurance
Forum working group members, is pleased to offer “Mitigating Software
Supply Chain Risks: Security-Enhanced Quality Assurance, Software
Testing and Project Management” - a Software Assurance workshop. The
workshop is designed to present information on how to improve software
security practices in software testing, quality assurance, and project
management – focused on mitigating risks to projects and enterprises
attributable to exploitable software. We will be reviewing industry
standards, maturity models, and certification schema for testing,
quality, and organizational capability benchmarking, and we will
address how static analysis tools can be used to support these efforts.
This is a “workshop” and is not a “spectator event” - nor is it meant to be
strictly informational in nature. Attendees will be expected to suggest
improvements to current industry practice.
Why the workshop? Software is essential to the operation of the
Nation’s critical infrastructure. Vulnerabilities in software can
jeopardize intellectual property, consumer trust, and business
operations and services. Additionally, a broad spectrum of critical
applications and infrastructure, from process control systems to
commercial application products, depend on secure, reliable software.
It is estimated that 90 percent of reported security incidents result
from exploits against defects in the design or build of software.
Therefore, ensuring the integrity and resiliency of software is vital
to protecting the infrastructure from threats which target software
vulnerabilities, and reducing overall risk from cyber attacks. In order
to ensure system reliability, integrity, and safety, it is critical to
include provisions for built-in security of the enabling software.
This is a free “space available” workshop (with priority given to those
with paid registration to the QAI/QAAM Conference being held Oct 5-6,
2010). This workshop is being sponsored by Keane Federal Systems. Registrants
must request to attend this Monday session with an understanding that
those registered for the QAAM 2-day conference have a priority for
attending this October 4th session. Those who request to attend will be
notified at a later time whether space is available.
Contact Darrin Crittington for more information: dcrittington@qaiworldwide.org 1-866-724-6013
Workshop on Mitigating Software Supply Chain Risks:
Security-Enhanced Quality Assurance, Software Testing, and Project Management
(Tentative Schedule - Invited Speakers)
| Time | Session |
|---|---|
| 8-9 a.m. | Continental Breakfast |
| 9-9:15 a.m. | Opening Remarks<br>Susan Burgess, QAAM Conference Chair<br>Keane Federal Systems |
| 9:15-9:45 a.m. | Software Supply Chain Risk Management: Software Assurance Needs for Security-Enhanced Software Testing, Quality Assurance and Project Management<br>Joe Jarzombek, Director for Software Assurance<br>National Cyber Security Division (NCSD), Department of Homeland Security (DHS) |
| 9:45-10:30 a.m. | QA and Testing Training and Certification Programs<br>TBA |
| 10:30-11 a.m. | Networking Break |
| 11-11:30 a.m. | Software System Security Principles<br>TBA |
| 11:30 a.m.-12:00 p.m. | Certification Schemas for Security<br>TBA |
| 12-1:15 p.m. | Lunch and Networking |
| 1:30-1:45 p.m. | Joe Jarzombek - Facilitator |
| 1:45-2:15 p.m. | Security-Enhanced Software Testing for QA Professionals<br>TBA |
| 2:15-2:45 p.m. | Assurance in Standards and Capability Maturity Models<br>TBA |
| 2:45-3:15 p.m. | Break |
| 3:15-4:30 p.m. | Using Static Analysis Tools to Mitigate Software Supply Chain Risks<br>Panel: Paul Croll, CSC, Susan Burgess, Keane Federal Systems, others TBA |
| 4:30-5 p.m. | Recommendations & Software Assurance Workshop Wrap-Up |