Formal Verification of Secure Software Systems

via YouTube

Overview

Explore formal verification techniques for secure software systems in this conference talk from the Central Ohio InfoSec Summit 2016. Learn how to build an effective Software Security Group (SSG) that integrates seamlessly with development teams. Discover the importance of aligning objectives, fostering mutual respect, and creating healthy tension to address real issues. Understand why hiring solid developers and training them in security is more effective than the reverse. Delve into threat modeling, finding creative solutions, and understanding business impact and risk. See how high-functioning SSGs become an integral part of the development process, leading to faster software shipping, increased automation, and genuine collaboration. Gain insights on making security an inherent part of the product development lifecycle.

Syllabus

Intro
Ground rules
The rule of two feet
What's the most important part of software?
This is how it was meant to be done
The software security group is just another engineering team
Your SSG should be one of your strongest development teams
Tension, direction, respect, collaboration
First, and most important, you have to be pointed in the same direction
If you don't have the same objectives, nobody wins
If you want to move in the same direction you need mutual respect!
When you have respect you can have healthy tension
When you have healthy tension you get to the real issues
Instead of pen testers, hire solid developers
It's easier to train developers in security than it is security pros in development
Threat modeling
Find creative ways to say yes
When you can competently understand business impact and risk you can understand why yes might be important
High functioning SSGs are part of the development process
But not because they are required
An SSG that helps ship software faster is always welcome
Teams will actively seek the advice of the SSG
Because they don't have to be afraid of what will happen
When you have a team of developers automation increases
Security becomes part of the product
The end result looks like real collaboration
Questions?
