John Martin, Program Manager, COTS Software Security, The Boeing Company
Shaun Gilmore, Senior Manager, Microsoft
With more than 80 percent of all purchased software containing critical vulnerabilities, the buyer/supplier dynamic in software purchasing has changed dramatically. Buyer assurance requirements have gone from non-existent to unachievable, and supplier responses have ranged from denial to servility. The past lack of standards around which elements of software assurance are important to a buyer results in significant organizational churn, mistrust and unnecessary expense for both buyer and supplier. The SAFECode publication, Principles of Software Assurance Assessment, is a seminal effort in closing this gap. This presentation outlines the practical, scalable implementation of a secure COTS program.
Join SAFECode members John Martin and Shaun Gilmore at the (ISC)2 Security Conference to understand the three best-practice activities every buyer can ask for, build a scalable software assurance implementation strategy that works for both buyer and supplier, and achieve better assurance for COTS software while helping to reduce “compliance” spending.