Location
3345 Michelson Dr.

(Con Agra Foods Building)
Suite CN-125
Irvine

Agenda
5:30-6:00 PM Networking
6:00-8:00 PM Dinner & Presentation

Cost
Members $20
Non-members $40

Parking
Please park in structure by turning onto Prince St. off Michelson Dr.


Or Call (310) 325-4000

Technology SIG

Building Secure Software
What to do, what to avoid, and how to track your progress

June 16, 2004

Information is power. Software manages the information and access to the information. Today’s software environment is multilayered and multi-component based. Building secure software starts with designing secure software. In this session we will discuss the best practices (and worst practices) in developing secure software throughout the software development lifecycle.

Panelists:

  • Robert E. Lee, CTO of Dyad Security, Director of Projects & Resources, ISECOM
  • Joseph Baggio, CEO of iSmart Secure LLP
  • Jack Louis, Security Researcher - Dyad Security
  • Kevin Wagoner, Director IT Architecture, Autobytel, Inc.
Moderator: Anjay Bajaj, President of Straitegy Solutions, Inc.

A panel of software industry experts will share their experiences and lessons learnt. This promises to be a great event. Some of the themes you will hear include:

Seeing the big picture -
Peer review is part of the security process; your attackers are becoming very skilled at finding exploitable software bugs using automated tools to help them. Everyone needs to see the big picture.

Rule of Simplicity -
Design for simplicity; add complexity only where you must. Default to Deny. Compartmentalization of code is good for more than security.

Sweat the small stuff -
Just because certain attack vectors are obscure does not negate their effectiveness; writing good clean code is safer and more sane than allowing a program to "protect" bad coding practices at execution time.

Don't use your customers as your Q/A staff -
The Microsoft Software Release cycle is destroying security from the users' and programmers' perspectives; it causes users to not want to upgrade, and it causes programmers to not want to fix security problems.

Don't build a $100,000 fence for a $1,000 horse -
All data is not created equal; don't treat it as such. Let the protection be commensurate with the asset.

Know your tools. Choose them wisely -
Low-level languages are not the problem; they are the most widely understood. Security is a process, not a language.

Audit trails -
Trust with accountability. Every significant access, whether denied or permitted, must maintain an audit trail.

 

 
