[Owasp-austin] Austin OWASP - Tuesday, Nov 17th at 11:30am - Tracking the progress of an SDL program

James Wickett wickett at gmail.com
Fri Nov 13 16:33:54 EST 2009


This is going to be a great talk and something that you don't want to
miss.  See you on Tuesday.

When: November 17, 2009, 11:30am - 1:00pm

Topic: Tracking the progress of an SDL program: lessons from the gym

Forcing muscle growth is a long process which requires high intensity
weight training and high mental concentration. While the ultimate goal
is often clear, one of the greatest mistakes bodybuilders consistently
make is to overlook the importance of tracking their weight lifting
progress.

Like a successful bodybuilding workout, a security development
lifecycle program must consistently log simple to obtain, yet
meaningful metrics throughout the entire process. Good metrics must
lack subjectivity and clearly aid decision makers to determine areas
that need improvement. In this presentation we’ll discuss metrics used
to classify and appropriately compare security vulnerabilities found
in different phases of the SDL by different teams working in different
locations and in different products. We’ll also discuss how to easily
provide decision makers different views of the same data and verify
whether the process is indeed catching critical vulnerabilities
internally.

Who: Cassio Goldschmidt (Symantec)

Cassio Goldschmidt is senior manager of the product security team
under the Office of the CTO at Symantec Corporation. In this role he
leads efforts across the company to ensure the secure development of
software products. His responsibilities include managing Symantec’s
internal secure software development process, training, threat
modeling and penetration testing. Cassio’s background includes over 12
years of technical and managerial experience in the software industry.
During the six years he has been with Symantec, he has helped to
architect, design and develop several top selling product releases,
conducted numerous security classes, and coordinated various
penetration tests.

Cassio represents Symantec on the SAFECode technical committee and
(ISC)2 in the development of the CSSLP certification. He holds a
bachelor's degree in computer science from Pontificia Universidade
Catolica do Rio Grande Do Sul, a master's degree in software
engineering from Santa Clara University, and a master of business
administration from the University of Southern California.

Where: National Instruments, 11500 N Mopac, Building C which is the
tallest building on campus (8 levels). There will be signs posted in
the lobby to direct you where to go and the receptionists will be able
to assist you as well. See directions to National Instruments.

Cost: Always Free

Questions or help with Directions... call: James Wickett 512-964-6227.

RSVP on the Austin OWASP Ning Site
J. H. Wickett
