
An End to Testing Ourselves Secure?


Presentation Transcript


  1. An End to Testing Ourselves Secure?

  2. Why I’m Here

  3. Ground Rules

  4. This is a presentation discussion

  5. Let other people speak!

  6. 15 minute time-boxed discussions, revisit parked issues at the end

  7. Framing the Problem

  8. Where we find flaws today
     Highest ROI
     Look familiar?
     Relative cost to fix, based on time of detection (Source: NIST)

  9. February 2012 Report from Quocirca

  10. Results of an Open SAMM Assessment

  11. Discussion Question 1: Is there a problem with relying primarily on verification? Isn’t static analysis a “good enough” solution?
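As an added illustration for this question (example code written for this page, not from the talk or from SD Elements), the handler below contains no injection sink, no unsafe call and no taint path from input to a dangerous function, so a pattern- or taint-based static analyzer has nothing to flag. The defect is a missing security requirement, "a user may only read their own invoices", which only a stated requirement or a threat model would surface. The in-memory invoice store, the user and invoice ids, and the handler names are all constructed assumptions for the example.

```python
"""
Added example: a flaw that verification tooling tends to miss.
The vulnerable handler is syntactically clean; the bug is a missing
access-control requirement, not a code pattern.  All data here is a
constructed toy, not a real application.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two invoices belonging to two different users.
INVOICES = {
    101: Invoice(invoice_id=101, owner_id=1, amount=50.0),
    102: Invoice(invoice_id=102, owner_id=2, amount=999.0),
}


class Forbidden(Exception):
    """Raised when a caller requests a record they do not own."""


def get_invoice_unchecked(current_user_id: int, invoice_id: int) -> Invoice:
    """
    Vulnerable (assumed, constructed handler): the lookup is type-safe and
    has no dangerous sink, but it never compares the invoice's owner to the
    caller.  Any authenticated user can read any invoice by id.
    """
    return INVOICES[invoice_id]


def get_invoice_checked(current_user_id: int, invoice_id: int) -> Invoice:
    """
    Hardened: enforce the requirement at the point of access.  The check is
    not something a scanner could derive from the code; it comes from a
    requirement about who may see what.
    """
    invoice = INVOICES[invoice_id]
    if invoice.owner_id != current_user_id:
        raise Forbidden(f"user {current_user_id} may not read invoice {invoice_id}")
    return invoice


def cross_tenant_leak(handler) -> bool:
    """
    Return True if user 1 can read user 2's invoice (id 102) through
    `handler`.  This is the kind of test a written requirement produces;
    without the requirement nobody knows to write it.
    """
    try:
        handler(current_user_id=1, invoice_id=102)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("unchecked handler leaks:", cross_tenant_leak(get_invoice_unchecked))  # True
    print("checked handler leaks:  ", cross_tenant_leak(get_invoice_checked))    # False
```

The point for the discussion: `cross_tenant_leak` is a verification step, but it exists only because someone first wrote down the requirement it checks. Static analysis and testing confirm what you already know to look for; they do not supply the requirement.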

  12. Discussion Question 2: Can we effectively scale training and threat modeling?

  13. Discussion Question 3: Can we effectively scale security requirements?

  14. Resources

  15. Learning from other process changes

  16. Cultural Challenges to Secure SDLC
     • “Incompetent developer” challenge
     • “Security is special” challenge
     • Domain-specific vs. domain-agnostic
     • Fitting a square peg into a round hole

  17. Conclusions?

  18. rohit@sdelements.com
     Twitter: @rksethi
