Join us on Tuesday, September 17 for our monthly chapter meeting with a special guest speaker:
Expecting Secure, High-Quality Software: Minimizing Technical Debt and Mitigating Risks with Better Measures for Test and Audit
by Joe Jarzombek
Abstract
As external dependencies grow more complex, managing risks attributable to exploitable software requires security and quality requirements backed by 'sufficient' test and audit regimes throughout the software supply chain. The Internet of Things (IoT) is contributing to a massive proliferation of software-reliant, connected devices of many types throughout critical infrastructure. With IoT increasingly dependent upon third-party software, software composition analysis and other forms of testing are used to determine the 'fitness for use' and trustworthiness of assets. Standards for measuring and sharing information about software security and quality are used in tools and services that detect weaknesses and vulnerabilities. Test and audit programs give organizations the means to reduce risk exposures attributable to exploitable software. Ultimately, addressing software supply chain dependencies and leveraging high-assurance test regimes enable enterprises to provide more responsive mitigations.
Learning Objectives - Attendees will learn how:
- External dependencies contribute risks in the form of technical debt throughout the software supply chain;
- Standards can be used to convey expectations and measure software security and quality, and they can provide criteria for more relevant audits;
- Software composition analysis, static code analysis, fuzzing, and other forms of testing can be used to identify weaknesses and vulnerabilities that represent vectors for attack and exploitation;
- Testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software.
Speaker bio
Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative organizations developing microelectronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), silicon IP, and software integrity solutions in addressing technology challenges of the public sector, aerospace and defense, and critical infrastructure. He participates in consortia, public-private collaboration groups, trade associations, standards groups, and R&D projects to assist in accelerating technology adoption.
Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. He led efforts to enhance capabilities to mitigate software supply chain risks via software security and quality test technologies and services that integrate within acquisition and development processes, enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain.
Jarzombek has more than 30 years of experience focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode, NDIA and CISQ; test and certification organizations such as Underwriters Labs' Cybersecurity Assurance Program; standards bodies; and government agencies to address software assurance and supply chain challenges.
Prior to joining Synopsys, Jarzombek served in the government public sector, collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security Office of Cybersecurity and Communications as the Director for Software & Supply Chain Assurance, and he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the CIO and as the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.
Jarzombek is a retired Lt Colonel in the US Air Force, a Certified Secure Software Lifecycle Professional (CSSLP), and a project management professional. He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and a BBA in Data Processing and Analysis from the University of Texas - Austin.
You must RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.
Tuesday, September 17, 2019 at 6:30 pm
Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005