De-mystifying Secure Software Development Webinar

Tuesday, June 23, 2020

Background

Once seen as only tangential to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world. As our collective understanding of cybersecurity has grown, we have come to recognize the central role secure design and development play in protecting the software that powers our world. Unfortunately, software security discussions have long been hampered by inconsistent terminology, a lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process. A new software development framework from NIST is poised to change all that.

Much like it did with its Cybersecurity Framework, NIST has brought together what we have learned about software security over the past two decades and created a secure software development framework (SSDF) that can get us all talking from the same playbook. The framework builds on SAFECode’s publications on secure development best practices, the BSA Framework for Secure Software, and other industry contributions to deliver a core set of high-level secure software development practices that help ensure that software is secure by design. Software producers who follow these practices can reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to achieve continuous improvement of software security. Software consumers can use the framework to confidently build their security requirements and apply them as applicable to their software acquisition processes.

Event Details

Please register here to join BSA and SAFECode along with government and industry panelists in a virtual roundtable discussion on Tuesday, June 23 from 11 a.m. to 1 p.m. to learn about the SSDF and hear about its practical applications for product developers, public and private sector customers, and the future of product certifications and labeling.

Questions about this session should be directed to BSA’s Tommy Ross (thomasr@bsa.org) or SAFECode’s Steve Lipner (lipner@safecode.org). 

Agenda

Slides from this session can be found here
 
11:00 - 11:05 a.m.
Welcome remarks
Kevin Stine, NIST
 
11:05 - 11:20 a.m.
Introduction and overview of the NIST Secure Software Development Framework
Karen Scarfone, NIST Associate
 
11:20 - 11:30 a.m.
BSA’s perspective
Tommy Ross, BSA
 
11:30 - 11:40 a.m.
SAFECode’s perspective
Steve Lipner, SAFECode
  
11:40 - 11:55 a.m.
Q&As
BSA/NIST/SAFECode
Tommy Ross, Karen Scarfone, Kevin Stine, and Steve Lipner
 
12:05 - 12:45 p.m.
Perspectives on Applying the SSDF
  • Guiding product development: Valecia Maclin, Microsoft
  • Supporting private sector software acquisition: John Banghart, Venable
  • Improving government acquisition: Melinda Reed, DoD
  • Shaping interoperability, synergies, and evaluation: Prokopios Drogkaris and Apostolos Malatras, ENISA
 
12:45 - 12:55 p.m.
Q&As
Invited speakers
Valecia Maclin, John Banghart, Melinda Reed, Prokopios Drogkaris and Apostolos Malatras
 
12:55 - 1:00 p.m.
Closing remarks and next steps
BSA/NIST/SAFECode
Tommy Ross, Kevin Stine, and Steve Lipner