Last year at RSA, vendors, customers and security experts came together to debate the future of software security assessment. The message was clear: there is a growing frustration over the lack of a widely accepted method for assessing the security of acquired software – and not just from customers, but also from the vendors themselves. So what happened after the conference ended?

SAFECode members have joined representatives from several industries to continue last year’s debate and meet the challenge of developing actionable guidance on assessing the security of purchased software. Their approach is designed to help customers better manage the risks associated with the procurement of enterprise software, while helping suppliers create assurance programs that are more responsive to customers’ needs and concerns.

This year at RSA, we will provide an update on our efforts to date. We encourage anyone interested in the role of vendor assessment in efforts to reduce third-party software risk to join us for this important discussion. SAFECode Executive Director and Former White House Cybersecurity Coordinator Howard A. Schmidt will host a panel discussion with Jim Routh, CISO, Aetna; Chris Wysopal, co-founder and CTO, Veracode; and EMC Senior Director of Product Security Reeny Sondhi. They will provide insight into the collaborative process that has sought to build on last year’s debate, as well as their efforts to find common ground on some of the more hotly contested issues. In addition, they will preview the soon-to-be-released guidance and offer practical advice to vendors looking to communicate their software security process and customers seeking to evaluate the security of the software they purchase.

WHAT: RSA Conference Session: The Coming Revolution: Industry Groups Defining Vendor Assessment Standards

WHEN: Tuesday, April 21, 2015 | 3:30 PM – 4:20 PM

WHERE: RSA Conference West | Room: 2008