Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randy Beavers CS 585 – Computer Security February 19, 2009.

Published byCatherine McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "Randy Beavers CS 585 – Computer Security February 19, 2009."— Presentation transcript:

1 Randy Beavers CS 585 – Computer Security February 19, 2009

2  Software underpins information infrastructure.  Organizations widely and increasingly use COTS software.  Cyber attacks are becoming more stealthy and sophisticated, creating a complex environment. Software Assurance: An Overview of Current Industry Best Practices

3  Vendors have undertaken significant efforts to improve and protect software integrity.  Software Assurance critical to public safety and economic and national security.  Shows how SAFECode members approach software assurance, and how to use best practices for software development. Software Assurance: An Overview of Current Industry Best Practices

4  Software Assurance Forum for Excellence in Code.  A non-profit organization exclusively dedicate to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. Software Assurance: An Overview of Current Industry Best Practices

5  EMC Corporation  Juniper Networks, Inc.  Microsoft Corporation  SAP AG  Symantec Corporation  Website: www.safecode.org Founded by: Software Assurance: An Overview of Current Industry Best Practices

6 The Challenge of Software Assurance and Security Software Assurance encompasses the development and implementation of methods and processes for ensuring that software functions as intended while mitigating the risks of vulnerabilities, malicious code or defects that could bring harm to the end user. Software Assurance: An Overview of Current Industry Best Practices

7  Vital to ensuring the security of critical information.  Information and communications technology vendors have responsibility to address assurance in every stage of application development.  Integrators, operators, and end users share responsibility for ensuring security of critical information systems. Software Assurance: Software Assurance: An Overview of Current Industry Best Practices

8  Software assurance risks faced by users today can be categorized in three areas:  1. Accidental design or implementation errors.  2. The changing technological environment.  3. Malicious insiders. Software Assurance: An Overview of Current Industry Best Practices

9  Inadvertently create faulty software design or implementation highlights risk area for: ◦ Hackers ◦ Viruses ◦ Worms ◦ Other malicious attacks Software Assurance: An Overview of Current Industry Best Practices  Developers address risks through: o Training. o Use of secure development practices and tools.

10  Rapid change and innovation are characteristics of the IT industry.  Criminals can and do innovate also. They have created a complex and lucrative criminal economy.  The process is one of on-going improvement as new threats are created, and new countermeasures developed and implemented. Software Assurance: An Overview of Current Industry Best Practices

11  Growing concern that global software development processes could be exploited by a rogue programmer or organized group of programmers.  There are proven best practices that companies use to manage their unique development infrastructure and business models. Software Assurance: An Overview of Current Industry Best Practices

12  Vendors have responsibility and business incentive to ensure product assurance and security.  Customers demand software be secure and reliable.  Vendors must protect brand names and company reputations. Software Assurance: An Overview of Current Industry Best Practices

13  Software development varies by vendor and unique products, organizational structure, and customer requirements.  No single method that yields software assurance and security.  Regardless, there is a core of best practices for software assurance and security. Software Assurance: An Overview of Current Industry Best Practices

14  Several different development methodologies, but they all share the following common elements:  Concept.  Requirements.  Design and Documentation.  Programming.  Testing, Integration, and Internal Evaluation.  Release.  Maintenance, Sustaining Engineering, and Incident Response. Software Assurance: An Overview of Current Industry Best Practices

15 Across SAFECode’s membership, security best practices and controls are well established: Software Assurance: An Overview of Current Industry Best Practices Security TrainingSecurity Documentation Defining Security RequirementsSecurity Readiness Secure DesignSecurity Response Secure CodingIntegrity Verification Secure Source Code HandlingSecurity Research Security TestingSecurity Evangelism

16  INTEGRATORS.  Work in partnership with vendors to mitigate vulnerabilities.  OPERATORS.  Must deploy standard layered defense security measures.  END USERS.  Responsible software use a requirement for software assurance and security. Software Assurance: An Overview of Current Industry Best Practices

17 www.safecode.org

Download ppt "Randy Beavers CS 585 – Computer Security February 19, 2009."

Similar presentations

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Www.QinetiQ-NA.com © QinetiQ North America, Inc. 2010 QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.

© QinetiQ North America, Inc QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.

INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Www.mobilevce.com © 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Computer Crime and Information Technology Security

Computer Crime and Information Technology Security
Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,

Course ILT Course Code CSN 208 Network Security. Course ILT Course Description This course provides an in-depth study of network security issues, standards,
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
Management Information Systems

Management Information Systems
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Similar presentations

Ads by Google