Opening Panel Featuring Exec. Dir. Howard A. Schmidt Asks “How Do We Secure Tomorrow, Today?”; New Programs Train the Next Generation in Threat Modeling and Using Cryptography
Wakefield, Mass. and Munich, Germany – October 20, 2015 – The Software Assurance Forum for Excellence in Code (SAFECode) today announced its participation in the second annual (ISC)2 Security Congress EMEA. With such a premiere event focused on education and training, SAFECode also took the opportunity to debut the latest modules in its Security Engineering Training by SAFECode program, with the newest materials focusing on some of the most pressing and visible issues facing the industry, including cryptography and threat modeling.
After a highly successful inaugural year, (ISC)² Security Congress EMEA offers a unique opportunity within the European, Middle Eastern and African regions to participate in a comprehensive education program and offer invaluable connections and conversations with peers in the international professional community. With an overarching theme of “How Do We Secure Tomorrow, Today?”, SAFECode Executive Director, Howard A. Schmidt is a featured member of the opening panel on the topic. Chaired by, Adrian Davis, Managing Director EMEA Region, (ISC)2, Schmidt is joined by Georg Freundorfer, Director Security EMEA, Oracle; Dr. Sebastian Broecker, Chief Information Security Officer, Deutsche Flugsicherung (Germany) and Lorenz Kuhlee, Senior Investigative Response/Forensic Consultant EMEA Risk Intelligence Team (RISK), Verizon Enterprise Solutions.
“Far too much security today is about treating the symptoms, and not the disease,” said Schmidt. “But how can we expect the next generation of security leaders to make a difference if we don’t arm them with the collective knowledge and proper tools to address security in the design phase and not after they are already exposed and likely under attack? And these new modules go to the heart of the matter, focusing on two of the most hotly debated and watched issues in cryptography and threat modeling.”
Launched in February 2014 and accessed by thousands of visitors and organizations, SAFECode’s Security Engineering Training is an online community resource offering free security training courses delivered via on-demand webcasts. Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills. The courses are based on training materials donated to SAFECode by its member companies and then reviewed and supplemented by a team of technical experts from across the SAFECode membership to ensure their broad applicability across diverse development environments. Specifically, the latest additions to the program include:
- Introduction to Cryptography – Teaches, at a high level, what crypto is and how it should be used. Through this module, practitioners will be able to choose the crypto algorithm that fits their needs while understanding any potential security or performance implications. They will also learn to distinguish between different choices in applying cryptography to their work.
- Threat Modeling 101 – Viewers will be able to execute a basic Threat Model, as well as what to do with the results of one. This course covers the understanding of threats, risk and risk ranking — as well as a rich array of pointers to related resources.
- Secure Memory Handling in C 101 – Teaches how to write more secure code in C/C++. It also guides viewers on how to spot less secure code during code reviews, as well as address some common C/C++ security myths.
The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include Adobe Systems Incorporated, CA Technologies, EMC Corporation, Intel Corporation, Microsoft Corp., SAP AG, Siemens AG and Symantec Corp. For more information, please visit www.safecodedev.wpengine.com.
Product and service names mentioned herein are the trademarks of their respective owners.