OWASP AppSec DC 2012/What can an Acquirer do to prevent developers from makedangerous software errors

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Todays technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.

The Speakers

Don Davidson Bio TBA

Michele Moss Bio TBA

Gold Sponsors
Silver Sponsors
Small Business
Exhibitors