Wednesday, November 3, 2010

SecureSDLC - Building Security into the Software Lifecycle

I will be at the SecureSDLC in Washington, DC tomorrow.

Software professionals need the latest tools and information to ensure that software is being built with security in mind starting with the requirements phase.

This program will inform the stakeholders involved in planning, developing, designing, coding and deploying applications about the need for secure software, what should be considered in securing each phase of the software lifecycle, and how organizations can create their own software assurance program. Additionally, there will be a look at the regulatory landscape and what professionals need to be aware of concerning this.

Session: Avoiding the Most Dangerous Software Security Weaknesses – the 2010 Top 25
Hosted by MITRE. I'm particularly interested in attending this session. The session description suggests it will talk about application security requirements in procurement contracts. Back at The Mortgage Company, we would often have detailed security requirements and test criteria for any procured software. At The Product Company, I anticipate our customers will soon delineate these and see what the industry de facto due-care is.

Session: Security’s KPIs – Measuring a Successful Web Application Security Program
Hosted by HP. I'm wary of this session since most security conferences that cover KPIs or metrics often leave much to be desired. I hope this one will be different. Just give us something to react to!

I wish they would cover:
Embedding secure activities into an Agile life cycle. Microsoft wrote about this, but I'd like to hear a talk about it since, as I understand it, this may be a contentious issue and I'd like to hear it presented by someone who has gone through it.
