https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors&feed=atom&action=history
OWASP AppSec DC 2012/What can an Acquirer do to prevent developers from makedangerous software errors - Revision history
2024-03-29T00:07:46Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors&diff=126863&oldid=prev
Mark.bristow at 18:34, 25 March 2012
2012-03-25T18:34:59Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:34, 25 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2" >Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Presentation  ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Presentation  ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Todays </del>technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  
The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Today's </ins>technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  
The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Speakers  ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Speakers  ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><table></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><table></div></td></tr>
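<tr><td colspan="4">Review bot: the apostrophe fix ('Todays' to 'Today's') leaves other errors in the same paragraph untouched: 'from the a diverse group of US Government agencies' has a stray article, and 'The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution.' should end with a question mark. Suggest fixing both in the same edit so the abstract does not need a further revision.</td></tr>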
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l8" >Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><td></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><td></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Don Davidson===</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Don Davidson===</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Image:AppSecDC12-Davidson.jpg|left]]Mr. Davidson is currently assigned to Trusted Mission Systems and Networks (TMSN, formerly known as the Globalization Task Force, GTF) in the Office of the Department of Defense Chief Information Officer (DoD CIO), where he leads the outreach, S&T investment and standardization efforts for the White <del class="diffchange diffchange-inline">HouseÕs </del>Comprehensive National CyberSecurity Initiative (CNCI) task #11 on improving Supply Chain Risk Management for Information Communications Technology capabilities (ICT SCRM).   </div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Image:AppSecDC12-Davidson.jpg|left]]Mr. Davidson is currently assigned to Trusted Mission Systems and Networks (TMSN, formerly known as the Globalization Task Force, GTF) in the Office of the Department of Defense Chief Information Officer (DoD CIO), where he leads the outreach, S&T investment and standardization efforts for the White <ins class="diffchange diffchange-inline">House's </ins>Comprehensive National CyberSecurity Initiative (CNCI) task #11 on improving Supply Chain Risk Management for Information Communications Technology capabilities (ICT SCRM).   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>He has over 37 years of federal service, to include 11 years active duty, as well as civilian assignments in Army Research Laboratory, Army Materiel Command, Army Secretariat, US Joint Forces Command, OUSD-Acquisition, Technology & Logistics (AT&L), and OASD-Networks and Information Integration (NII), which is now known only as the DoD-Chief Information Office (CIO).</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>He has over 37 years of federal service, to include 11 years active duty, as well as civilian assignments in Army Research Laboratory, Army Materiel Command, Army Secretariat, US Joint Forces Command, OUSD-Acquisition, Technology & Logistics (AT&L), and OASD-Networks and Information Integration (NII), which is now known only as the DoD-Chief Information Office (CIO).</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>He currently chairs a Global ICT-SCRM Ad-Hoc WG under American National Standards Institute / International Committee for Information Technology Standards (ANSI / INCITS).  He co-chairs the US interagency working group on SCRM LifeCycle Processes & Standards.  He serves as the government Co-Chair for the Acquisition & Outsourcing Working Group with the Software Assurance Program; SwA Program is a public-private partnership effort sponsored by DHS, DoD and DoC (NIST). He helped establish the ongoing DoD Anti-Counterfeits Working Group and a new DoD <del class="diffchange diffchange-inline">ÒCoreÓ </del>Software Assurance (SwA) Working Group.  He is advising National Defense Industrial Association (NDIA) on their new Cyber Division.  He also serves on the Executive Board of Directors for SOLE, the International Society of Logistics, as the VP for Technical & Professional Development.  SOLE is a 501c3 not-for-profit organization.   </div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>He currently chairs a Global ICT-SCRM Ad-Hoc WG under American National Standards Institute / International Committee for Information Technology Standards (ANSI / INCITS).  He co-chairs the US interagency working group on SCRM LifeCycle Processes & Standards.  He serves as the government Co-Chair for the Acquisition & Outsourcing Working Group with the Software Assurance Program; SwA Program is a public-private partnership effort sponsored by DHS, DoD and DoC (NIST). 
He helped establish the ongoing DoD Anti-Counterfeits Working Group and a new DoD <ins class="diffchange diffchange-inline">'Core' </ins>Software Assurance (SwA) Working Group.  He is advising National Defense Industrial Association (NDIA) on their new Cyber Division.  He also serves on the Executive Board of Directors for SOLE, the International Society of Logistics, as the VP for Technical & Professional Development.  SOLE is a 501c3 not-for-profit organization.   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>He is a graduate of Brookings <del class="diffchange diffchange-inline">InstituteÕs </del>Executive Leadership 1 & 2 (2005), <del class="diffchange diffchange-inline">UNCÕs </del>LOGTECH at Kenan-Flagler Business School of the University of North Carolina at Chapel Hill (2007) and the Defense Leadership and Management Program (DLAMP, 2008).</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>He is a graduate of Brookings <ins class="diffchange diffchange-inline">Institute's </ins>Executive Leadership 1 & 2 (2005), <ins class="diffchange diffchange-inline">UNC's </ins>LOGTECH at Kenan-Flagler Business School of the University of North Carolina at Chapel Hill (2007) and the Defense Leadership and Management Program (DLAMP, 2008).</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>He has a Bachelor of Science Degree in Engineering from USMA at West Point NY and a Master of Science Degree in National Security Strategy with concentration in Information Resources Management from the National War College (NWC) at National Defense University.   </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>He has a Bachelor of Science Degree in Engineering from USMA at West Point NY and a Master of Science Degree in National Security Strategy with concentration in Information Resources Management from the National War College (NWC) at National Defense University.   </div></td></tr>
</table>
Mark.bristow
https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors&diff=126174&oldid=prev
Mark.bristow at 00:45, 13 March 2012
2012-03-13T00:45:33Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 00:45, 13 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l8" >Line 8:</td>
<td colspan="2" class="diff-lineno">Line 8:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><td></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><td></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Don Davidson===</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Don Davidson===</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Image:<del class="diffchange diffchange-inline">Owasp_logo_normal</del>.jpg|left]]<del class="diffchange diffchange-inline">Bio TBA</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Image:<ins class="diffchange diffchange-inline">AppSecDC12-Davidson</ins>.jpg|left]]<ins class="diffchange diffchange-inline">Mr. Davidson is currently assigned to Trusted Mission Systems and Networks (TMSN, formerly known as the Globalization Task Force, GTF) in the Office of the Department of Defense Chief Information Officer (DoD CIO), where he leads the outreach, S&T investment and standardization efforts for the White HouseÕs Comprehensive National CyberSecurity Initiative (CNCI) task #11 on improving Supply Chain Risk Management for Information Communications Technology capabilities (ICT SCRM).  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">He has over 37 years of federal service, to include 11 years active duty, as well as civilian assignments in Army Research Laboratory, Army Materiel Command, Army Secretariat, US Joint Forces Command, OUSD-Acquisition, Technology & Logistics (AT&L), and OASD-Networks and Information Integration (NII), which is now known only as the DoD-Chief Information Office (CIO).</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">He currently chairs a Global ICT-SCRM Ad-Hoc WG under American National Standards Institute / International Committee for Information Technology Standards (ANSI / INCITS).  He co-chairs the US interagency working group on SCRM LifeCycle Processes & Standards.  He serves as the government Co-Chair for the Acquisition & Outsourcing Working Group with the Software Assurance Program; SwA Program is a public-private partnership effort sponsored by DHS, DoD and DoC (NIST). He helped establish the ongoing DoD Anti-Counterfeits Working Group and a new DoD ÒCoreÓ Software Assurance (SwA) Working Group.  He is advising National Defense Industrial Association (NDIA) on their new Cyber Division.  He also serves on the Executive Board of Directors for SOLE, the International Society of Logistics, as the VP for Technical & Professional Development.  SOLE is a 501c3 not-for-profit organization.  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">He is a graduate of Brookings InstituteÕs Executive Leadership 1 & 2 (2005), UNCÕs LOGTECH at Kenan-Flagler Business School of the University of North Carolina at Chapel Hill (2007) and the Defense Leadership and Management Program (DLAMP, 2008).</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">He has a Bachelor of Science Degree in Engineering from USMA at West Point NY and a Master of Science Degree in National Security Strategy with concentration in Information Resources Management from the National War College (NWC) at National Defense University.  </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></td></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></td></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></tr></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div></tr></div></td></tr>
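<tr><td colspan="4">Review bot: the bio text inserted in this revision carries mis-encoded quotation marks ('HouseÕs', 'ÒCoreÓ', 'InstituteÕs', 'UNCÕs'), the usual result of pasting curly quotes from a Mac Roman source; they should be replaced with plain apostrophes and quotation marks before saving, since the wiki renders them literally.</td></tr>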
</table>
Mark.bristow
https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors&diff=126024&oldid=prev
Mark.bristow at 01:04, 12 March 2012
2012-03-12T01:04:19Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 01:04, 12 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2" >Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Presentation  ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Presentation  ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">[[Image:Owasp_logo_normal.jpg|right]]</del>Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  
The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service.  To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service.    Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts.  The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government  agencies included requirements for  NIST  IR 7622  practices,  the OWASP Top 10,  and SANS Top 25 CWEs, and SANS certified secure Java developers.  Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft.  It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services.  
The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Speakers  ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== The Speakers  ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Michele Moss <del class="diffchange diffchange-inline">and Don Davidson</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><table></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><tr></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><td></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">===Don Davidson===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[Image:Owasp_logo_normal.jpg|left]]Bio TBA</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"></td></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"></tr></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><tr></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"><td></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">===</ins>Michele Moss<ins class="diffchange diffchange-inline">===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[Image:Owasp_logo_normal.jpg|left]]Bio TBA</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"></td></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"></tr></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"></table></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude></div></td></tr>
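<tr><td colspan="4">Review bot: the speaker table introduced in this hunk replaces the one-line "Michele Moss and Don Davidson" with two "Bio TBA" placeholders next to the OWASP logo, so the published page now shows less speaker information than the previous revision until the bios are filled in; either keep the placeholder text out of the live page or track the missing bios so they are added before the event. The headings also differ in spacing ("===Don Davidson===" and "===Michele Moss==="), which renders fine but is worth normalising for consistency with the "== The Speakers  ==" heading above.</td></tr>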
</table>Mark.bristowhttps://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/What_can_an_Acquirer_do_to_prevent_developers_from_makedangerous_software_errors&diff=125491&oldid=prevMark.bristow: Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightTodays technology enabled environment has an e..."2012-03-02T20:58:49Z<p>Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == <a href="/index.php/File:Owasp_logo_normal.jpg" title="File:Owasp logo normal.jpg">right</a>Todays technology enabled environment has an e..."</p>
<p><b>New page</b></p><div><noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude><br />
__NOTOC__<br />
== The Presentation ==<br />
[[Image:Owasp_logo_normal.jpg|right]]Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.<br />
== The Speakers ==<br />
Michele Moss and Don Davidson<br />
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude></div>Mark.bristow