[Owasp-austin] Austin OWASP - Tuesday, Nov 17th at 11:30am - Tracking the progress of an SDL program

James Wickett wickett at gmail.com
Mon Nov 16 12:56:28 EST 2009

Hey Austin OWASP,

I want to remind you that we have this meeting coming up and it is
going to be fantastic.  This meeting is earlier in the month than
normal due to Thanksgiving, so be sure to update your calendars.

If you are a developer, manage developers, or are a consultant, this
talk is going to be very important for you.

See you tomorrow at 11:30!


J. H. Wickett

On Fri, Nov 13, 2009 at 3:33 PM, James Wickett <wickett at gmail.com> wrote:
> This is going to be a great talk and something that you don't want to
> miss.  See you on Tuesday.
> When: November 17, 2009, 11:30am - 1:00pm
> Topic: Tracking the progress of an SDL program: lessons from the gym
> Forcing muscle growth is a long process which requires high intensity
> weight training and high mental concentration. While the ultimate goal
> is often clear, one of the greatest mistakes bodybuilders consistently
> make is to overlook the importance of tracking their weight lifting
> progress.
> Like a successful bodybuilding workout, a security development
> lifecycle program must consistently log simple to obtain, yet
> meaningful metrics throughout the entire process. Good metrics must
> lack subjectivity and clearly aid decision makers to determine areas
> that need improvement. In this presentation we’ll discuss metrics used
> to classify and appropriately compare security vulnerabilities found
> in different phases of the SDL by different teams working in different
> locations and in different products. We’ll also discuss how to easily
> provide decision makers different views of the same data and verify
> whether the process is indeed catching critical vulnerabilities
> internally.
> Who: Cassio Goldschmidt (Symantec)
> Cassio Goldschmidt is senior manager of the product security team
> under the Office of the CTO at Symantec Corporation. In this role he
> leads efforts across the company to ensure the secure development of
> software products. His responsibilities include managing Symantec’s
> internal secure software development process, training, threat
> modeling and penetration testing. Cassio’s background includes over 12
> years of technical and managerial experience in the software industry.
> During the six years he has been with Symantec, he has helped to
> architect, design and develop several top selling product releases,
> conducted numerous security classes, and coordinated various
> penetration tests.
> Cassio represents Symantec on the SAFECode technical committee and
> (ISC)2 in the development of the CSSLP certification. He holds a
> bachelor's degree in computer science from Pontificia Universidade
> Catolica do Rio Grande Do Sul, a master's degree in software
> engineering from Santa Clara University, and a master of business
> administration from the University of Southern California.
> Where: National Instruments, 11500 N Mopac, Building C which is the
> tallest building on campus (8 levels). There will be signs posted in
> the lobby to direct you where to go and the receptionists will be able
> to assist you as well. See directions to National Instruments.
> Cost: Always Free
> Questions or help with Directions... call: James Wickett 512-964-6227.
> RSVP on the Austin OWASP Ning Site
> J. H. Wickett
