Overview
Explore application security strategies to mitigate business risks in this 55-minute LASCON 2010 conference talk. Delve into topics such as software assurance, supply chain security, and risk management. Learn about common software weaknesses, training and certification options, and due diligence practices. Discover the importance of balanced traceability, risk assessment, and lifecycle standards in software development. Gain insights into ISO standards, assurance case methodologies, and automation techniques for enhancing software security. Understand the principles of the Rugged Manifesto and how they apply to creating resilient software systems.
Syllabus
Intro
Background of Understanding
Weaknesses
Dramatic Risk
Software Assurance
Supply Chain
Software Security
Risk Management
Software Supply Chain
Top 25 Common Weaknesses
Training and Certification
Due Diligence Questionnaire
License or Contract
Hosted Applications
Suppliers
Acquisition
Balanced Traceability
Risk Holders
Resources
Practices
Sources
Lifecycle Standards
ISO Cuttino
Assurance Case
ISO Claims
Software Assurance Automation
Rugged Manifesto
Taught by
LASCON