This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP AppSec DC 2012/What can an Acquirer do to prevent developers from makedangerous software errors

Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center |

The Presentation

Today's technology enabled environment has an exponentially increasing number of paths that an adversary could take to compromise an IT product or service. To ensure confidentiality, integrity, and availability of the technology, security professionals must convince stakeholders to adopt foundational and specialized security practices to ensure trustworthiness of the product or service. Acquisition organizations and their stakeholders are engaging in discussions about trustworthiness of the products and services they are acquiring and are incorporating requirements in request for proposals (RFPs) and contracts. The question is are they choosing the language that best represents their needs or are they simply looking for a one size fits all solution. Over the last 6 months multiple RFPs from the a diverse group of US Government agencies included requirements for NIST IR 7622 practices, the OWASP Top 10, and SANS Top 25 CWEs, and SANS certified secure Java developers. Recently some statements from NISTIR 7622 on ICT Supply Chain Risk Management were found in a large government procurement and the document is just a draft. It is clear that development teams need to be ready to deliver against additional requirements for trustworthy technology products and services. The session will tackle many questions related to understanding why developers continue to make these dangerous coding errors including how developers can work with security practitioners and organizations to ensure the success of their business mission and functions.

The Speakers

Don Davidson

Mr. Davidson is currently assigned to Trusted Mission Systems and Networks (TMSN, formerly known as the Globalization Task Force, GTF) in the Office of the Department of Defense Chief Information Officer (DoD CIO), where he leads the outreach, S&T investment and standardization efforts for the White House's Comprehensive National CyberSecurity Initiative (CNCI) task #11 on improving Supply Chain Risk Management for Information Communications Technology capabilities (ICT SCRM).

He has over 37 years of federal service, to include 11 years active duty, as well as civilian assignments in Army Research Laboratory, Army Materiel Command, Army Secretariat, US Joint Forces Command, OUSD-Acquisition, Technology & Logistics (AT&L), and OASD-Networks and Information Integration (NII), which is now known only as the DoD-Chief Information Office (CIO).

He currently chairs a Global ICT-SCRM Ad-Hoc WG under American National Standards Institute / International Committee for Information Technology Standards (ANSI / INCITS). He co-chairs the US interagency working group on SCRM LifeCycle Processes & Standards. He serves as the government Co-Chair for the Acquisition & Outsourcing Working Group with the Software Assurance Program; SwA Program is a public-private partnership effort sponsored by DHS, DoD and DoC (NIST). He helped establish the ongoing DoD Anti-Counterfeits Working Group and a new DoD 'Core' Software Assurance (SwA) Working Group. He is advising National Defense Industrial Association (NDIA) on their new Cyber Division. He also serves on the Executive Board of Directors for SOLE, the International Society of Logistics, as the VP for Technical & Professional Development. SOLE is a 501c3 not-for-profit organization.

He is a graduate of Brookings Institute's Executive Leadership 1 & 2 (2005), UNC's LOGTECH at Kenan-Flagler Business School of the University of North Carolina at Chapel Hill (2007) and the Defense Leadership and Management Program (DLAMP, 2008).

He has a Bachelor of Science Degree in Engineering from USMA at West Point NY and a Master of Science Degree in National Security Strategy with concentration in Information Resources Management from the National War College (NWC) at National Defense University.

Michele Moss

Owasp logo normal.jpg

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link= Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg