Increasing Software Security Up and Down the Supply Chain
April 4, 2017 @ 1:00 pm
The most dramatic increases in security come from avoiding vulnerabilities in enterprise systems and applications. Studies by NIST, the Center for Internet Security and the SANS What Works program continually show that security programs that remove vulnerabilities before they are exposed on production systems actually end up reducing security spending while measurably decreasing the frequency and size of breaches and other cybersecurity incidents.
This SANS webinar will take a “What Works” look at successful efforts to reduce software vulnerabilities across the entire enterprise software life cycle and supply chain. Attend this webinar to hear advice from, and get your questions answered by, John Pescatore, SANS Director of Emerging Security Trends; Steve Lipner, SAFECode Executive Director; John Martin, Boeing Director of COTS Software Security; and Chris Wysopal, Veracode CTO and co-founder.
John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and voice systems “and the occasional ballistic armor installation.” John has testified before Congress about cyber security, was named one of the 15 most-influential people in security in 2008 and remains an NSA-certified cryptologic engineer.
Steve Lipner is the Executive Director of SAFECode, a non-profit organization dedicated to increasing trust in ICT products and services through the advancement of effective software assurance methods. He retired in 2015 as Partner Director of Software Security at Microsoft where he was the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Prior to his retirement, Lipner served as board chair of SAFECode. Lipner was also responsible for Microsoft’s policies and strategies for security evaluation of products by governments, and for Microsoft’s approach to supply chain security and product integrity. He holds twelve U.S. patents in computer and network security, and was elected in 2015 to the National Cybersecurity Hall of Fame.
John Martin, CISSP, CISM, is a 30-year computing security professional whose first meaningful claims to anonymity lay in BBS doors and other long-forgotten dial-up exploits. In his spare time, he designs specialized NSA-proof tin-foil hats designed to keep the implant signals in.
He was an early proponent of security systems test automation and has performed structured security testing across three continents.
John developed and manages Boeing’s standards-based Supplier Application Assessment and Secure Code Capability Assessment Programs, which focus on reducing the risk and cost posed by security vulnerabilities in third-party software through software testing and secure-code program development. In this function, John and his team work directly with many software suppliers to help them understand the benefits of integrating software security into their development process. In the past eleven years spent at Boeing, John has worked with many business units and leaders to shift their idea of security as a burden to understanding how the security teams can help accelerate
Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at the security consultancy @stake, which was acquired by Symantec.
In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified before the US Congress on the subjects of government security and how vulnerabilities are discovered in software.
Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking the many conservation trails near his home outside Boston.