June 17, 2014 at 6:30 PM
ISSA National Capital Chapter June meeting topic:
Scott Lehman and Tom Hallewell
The Five Stages of Grief
How to Implement a Software Assurance Program
Introducing software assurance into your in-house development projects is more a social challenge than a technical one. Elisabeth Kübler-Ross's Five Stages of Grief (Denial, Anger, Bargaining, Depression, and Acceptance) seems like an apt model for the process needed to build a robust, effective secure software development program from the ground up.
We will share some of the challenges we encountered while implementing a software assurance program. We will discuss the various stakeholders, and their varying goals, expectations, and fears. We will present suggestions based on our experience that may help your program gain acceptance and produce more secure software. We will briefly describe Continuous Integration/DevOps and discuss some of the security benefits – and risks – that come from this software development approach.
About the Speakers
Scott has over two decades of professional development experience in the commercial, government and military sectors. He leverages this experience in his current Application Security-focused role for a large Federal entity.
Tom Hallewell has more than fifteen years of experience in the Information Security field. He has led both development and software security programs. He is currently engaged in the implementation of enterprise identity management in a large Federal Agency. He is also a leader in the National Capital Chapter of ISSA.