Meeting Topic
Abstract
Most organizations want assurance that their software has been tested for
known security issues. Government, in conjunction with industry and academia,
is working to make this economical and effective. The acquisition groups in
large government and private organizations are moving to require that this
type of testing be part of future contracts. The tools and services that can
be used for evaluating source code, design, and architecture are maturing;
however, there are no standards defining these types of capabilities. This
lack of defined standards leaves open the question of which tool or service is
appropriate or better for a particular job, and how effective they are.
Government, industry, and academia are working together to develop a
dictionary of software weakness types and an assessment approach to help
mature this new code-based security assessment industry, and to dramatically
accelerate the use and utility of these capabilities in testing the software
systems they acquire, develop, and use. Discover all this at the December 18th
meeting of Boston SPIN.
About the Speaker
Robert A. Martin is a Principal Engineer at MITRE, a not-for-profit company
that works in partnership with the government to address issues of critical
national importance. For the past 16 years, Robert's efforts have been focused
on the interplay of risk management, cyber security, quality assessment, and
the use of software-based technologies. The majority of this time has been
spent working on the CVE, OVAL, and CWE family of security initiatives and
assessing the quality and security risks within software systems. Robert is a
frequent speaker on the quality and security issues surrounding software
systems at a variety of public forums, and he has published numerous papers on
these topics. Robert joined MITRE in 1981 with a bachelor's and a master's in
Electrical Engineering from Rensselaer Polytechnic Institute; he later earned
an MBA from Babson College.