Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.

Published byTabitha Manning Modified over 9 years ago

Similar presentations

Presentation on theme: " Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements."— Presentation transcript:

1  Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements  Proactive, forward-thinking  Eliminate redundancies, coordinate processes  Improve productivity  Reduce cost  NIST estimates that code fixes performed after release can result in 30 times the cost of fixes performed during the design phase  Additional costs may include a significant loss of user productivity and confidence. An ounce of prevention is worth a pound of cure  Secure by design  Secure architecture, design, and structure  Threat modeling and mitigation  Elimination of vulnerabilities  Improvements in security  Secure by default  Least privilege  Defense in depth  Conservative default settings  Avoidance of risky default changes  Less commonly used services off by default  Secure in deployment  Deployment guides  Analysis and management tools  Patch deployment tools

2  Security Training  Secure design  Threat modeling  Secure coding  Security testing  Privacy  Response  Execute response planTrainingRequirements Design Implementation Verification Release Response An ounce of prevention is worth a pound of cure

3  Requirements  Security requirements  Quality gates  Bug bars  Security and privacy risk assessment  Design  Design requirements  Attack surface reduction  Threat modelingTrainingRequirements Design Implementation Verification Release Response An ounce of prevention is worth a pound of cure

4  Implementation  Use approved tools  Deprecate unsafe functions  Static analysis  Verification  Dynamic program analysis  Fuzz testing  Threat modeling  Release  Incident response plan  Final security reviewTrainingRequirements Design Implementation Verification Release Response An ounce of prevention is worth a pound of cure

5  Release (optional)  Manual code review  Penetration testing  Vulnerability analysisTrainingRequirements Design Implementation Verification Release Response An ounce of prevention is worth a pound of cure

Download ppt " Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements."

Similar presentations

PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist

Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist
12 November 2009 Bryan Sullivan Senior Security Program Manager, Microsoft SDL.

12 November 2009 Bryan Sullivan Senior Security Program Manager, Microsoft SDL.
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.

Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.
Vulnerability Assessments

Vulnerability Assessments
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
MSDN Webcast - SDL Process. Agenda  Fuzzing & The SDL  Integration of fuzzing  Importance of fuzzing Michael Eddington Déjà vu Security

MSDN Webcast - SDL Process. Agenda  Fuzzing & The SDL  Integration of fuzzing  Importance of fuzzing Michael Eddington Déjà vu Security
IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE 10.23.13 -10.24.13.

IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
The Trustworthy Computing Security Development Lifecycle Steve Lipner Director of Security Engineering Strategy Security Business and Technology Unit.

The Trustworthy Computing Security Development Lifecycle Steve Lipner Director of Security Engineering Strategy Security Business and Technology Unit.

Similar presentations

Ads by Google