
The essential role of infosec in secure software development


The presentation

Secure software development won't succeed without substantial collaboration among the infosec teams in an organization. In this session, I describe and discuss various established secure software practices and why involvement of infosec staff is so vital to their success. Citing numerous examples of case studies, I spotlight myriad successes and failures encountered in both small and very large software development organizations. Additionally, for each software security practice, I provide an actionable list of things a software development team should start doing to immediately improve its results through collaboration with (generally in-house) infosec staff.

The speaker

Kenneth R. van Wyk is an internationally recognized information security expert and author of the O'Reilly and Associates books, Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: founder and moderator of the "Secure Coding" mailing list, member of the Board of Directors and Steering Committee for the non-profit organization FIRST.org, Inc., monthly columnist for the on-line security portal eSecurityPlanet, and Visiting Scientist at Carnegie Mellon University's Software Engineering Institute. Ken has 20+ years of experience as an IT Security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, and Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities. At Carnegie Mellon University's Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®).