Established September, 1992
Software security issues have become a hot topic especially given recent events of consumer credit card thefts at companies like TJX.
Is your software a "hacker's goldmine"?
Security is one of the attributes that software testing must verify, yet the number of reported security vulnerabilities keeps increasing.
Clearly the developers are responsible for creating the bugs, but why aren't the testers finding them?
I contend that software testing must evolve to address this particular class of software security vulnerabilities, and that a QA organization must augment its current testing regimen with explicit tests for this class of problems. This talk gives you a brief introduction to the problem space and shows you some common vulnerabilities.
About the Speakers
Joe Jarzombek is the Director for Software Assurance in the Department of Homeland Security (DHS) National Cyber Security Division.
He leads government interagency efforts with industry, academia, and standards organizations to shift the security paradigm away from patch management by addressing security needs in work force education and training, research and development (especially diagnostic tools), and development and acquisition practices.
After retiring from the U.S. Air Force as a Lt. Col. in program management, Jarzombek worked in the cyber security industry as vice president for product and process engineering.
He later served in two software-related positions within the Office of the Secretary of Defense prior to accepting his current position.
As a Project Management Professional, Jarzombek has spoken extensively on measurement, software assurance, and acquisition topics.
He encourages further review of DHS-sponsored software assurance efforts via the Build Security In website.
Robert A. Martin is a Principal Engineer at MITRE. For the past 7 years, Robert's efforts have been focused on the interplay of risk management, cyber security and the development and management of software-based technologies.
The majority of this time has been spent working on the CVE, OVAL, CME, and CWE family of security initiatives.
Robert joined MITRE in 1981 with a bachelor's and master's in EE from RPI; he later earned an MBA from Babson College.
He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer Society.
Scott Matsumoto is a Principal Consultant at Cigital. Mr. Matsumoto brings over 20 years of commercial software product development experience to the company.
His experience encompasses development of component-based middleware, performance management systems, graphical UIs, language compilers, database management systems and operating system kernels.
Most recently Mr. Matsumoto was the CTO of Spring Street Networks.
Prior to that he was co-founder and CTO of Xtremesoft, which provided component-based application monitoring for Microsoft technology-based applications. Mr. Matsumoto has held positions at other major software companies, including systems architect at Lotus Development.
Prior to Lotus, Mr. Matsumoto was a principal at Working Set, Inc., the software company that designed and implemented Digital Equipment Corp.'s SQL compiler.
He was also one of the original designers of Digital's Relational Database system.