This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/What can an Acquirer do to prevent developers from makedangerous software errors"
Mark.bristow (talk | contribs) (Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightTodays technology enabled environment has an e...") |
Mark.bristow (talk | contribs) |
||
Line 2: | Line 2: | ||
__NOTOC__ | __NOTOC__ | ||
== The Presentation == | == The Presentation == | ||
− | + | Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions. | |
== The Speakers == | == The Speakers == | ||
− | Michele Moss | + | <table> |
+ | <tr> | ||
+ | <td> | ||
+ | ===Don Davidson=== | ||
+ | [[Image:Owasp_logo_normal.jpg|left]]Bio TBA | ||
+ | </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td> | ||
+ | ===Michele Moss=== | ||
+ | [[Image:Owasp_logo_normal.jpg|left]]Bio TBA | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> | <noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude> |
Revision as of 01:04, 12 March 2012
Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org
The Presentation
Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.
The Speakers
Don DavidsonBio TBA |
Michele MossBio TBA |
Gold Sponsors |
||||
Silver Sponsors |
||||
Small Business |
||||
Exhibitors |