Ensuring Software Assurance Process Maturity presented at OWASP Appsec 2010

by Edmund Wotring (Information Security Solutions)

Tags: Security Compliance

URL : http://www.owasp.org/index.php/Ensuring_Software_Assurance_Process_Maturity

Summary : All organizations—government and commercial—have a growing awareness of the need for an ongoing software assurance initiative. A successful initiative requires that organizations perform appropriate activities at each step in the software lifecycle. Doing so will help ensure organizations can reliably meet software assurance goals, including those related to reliability, resilience, security, and compliance. In order to help organizations begin to tackle assurance goals, Edmund Wotring III (Information Security Solutions, LLC) and Sammy Migues (Cigital, Inc) created the Software Assurance (SwA) Supply Chain Risk Management (SCRM) Checklist. The SwA SCRM Checklist incorporates mappings of several freely available models as a framework to help organizations establish a baseline of their practices. The SwA SCRM Checklist can facilitate better communication and understanding of the risks that may be introduced during software development and acquisitions, and also facilitate selection of a maturity model best suited to an organization’s needs.

Edmund Wotring : Edmund Wotring III is a Senior Security Engineer with Information Security Solutions, LLC. He has supported various federal government clients with security compliance and process improvement initiatives. He has advised senior leadership on how to ensure compliance processes can facilitate effective security. He currently supports the Department of Homeland Security National Cyber Security Division’s Software Assurance program.