Over 150 security development professionals participated in an event sponsored in part by SAFECode recently in Cambridge, MA steps from the Massachusetts Institute of Technology.
SAFECode was a Bronze Sponsor of IEEE Cybersecurity Development Conference (IEEE SecDev) and participated in the event to help spread the word about the importance of software assurance and the availability of SAFECode resources that offer free guidance on everything from threat modeling to building a developer training program.
SAFECode Members Danny Dhillon (Dell EMC) and Altaz Valani (Security Compass) Presented at IEEE SecDev. Dhillon’s presentation was titled: “Applied Threat Driven Security Verification”. Valani spoke about “Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach”. See pictures below.
SAFECode IEEE SecDev Presenters
Left: Danny Dhillon, Dell EMC
Right: Altaz Valani, Security Compass
Organizations like Lenovo, Thales, the U.S Naval Research Laboratory, Cisco, DESE Research and Sandia Labs stopped by the SAFECode booth to learn more about the resources offered by SAFECode. Each received marketing material with a QR code linked to the Fundamental Practices for Secure Software Development, Third Edition.
The IEEE SecDev conference is distinguished by its focus on how to “build security in” (and not simply to discover the absence of security). Its goal is to encourage and disseminate ideas for secure system development among both academia and industry. It is a venue for presenting ideas, research and experience about how to develop secure systems. For a list of 2018 accepted papers click here.
To learn more about Tactical Threat Modeling, be sure to download SAFECode’s “Tactical Threat Modeling” white paper here. The white paper provides guidance about threat modeling as well as the basic framework for conducting a successful threat-modeling effort.