Security-Enhanced Quality Assurance, Software Testing, and Project Management
September 23, 2009 - Maritime Institute, Baltimore, MD
The QAI/QAAM conference, in collaboration with the Department of Homeland Security (DHS), Cyber Security Division and Software Assurance working group members, is pleased to offer "Security-Enhanced Quality Assurance, Software Testing and Project Management", a Software Assurance workshop. The workshop is designed to collect and present information on how to improve software security practices in software testing, quality assurance, and project management. We will be reviewing industry standards, maturity models, and certification schema for testing, quality, and organizational capability benchmarking.
This is a “working group” and is not a “spectator event”, nor is it meant to be strictly informational in nature. Attendees will be expected to suggest improvements to current industry practice.
Why the workshop? Software is essential to the operation of the Nation’s critical infrastructure. Vulnerabilities in software can jeopardize intellectual property, consumer trust, and business operations and services. Additionally, a broad spectrum of critical applications and infrastructure, from process control systems to commercial application products, depends on secure, reliable software. It is estimated that 90 percent of reported security incidents result from exploits against defects in the design or build of software. Therefore, ensuring the integrity and resiliency of software is vital to protecting the infrastructure from threats that target software vulnerabilities, and to reducing overall risk from cyber attacks. In order to ensure system reliability, integrity, and safety, it is critical to include provisions for built-in security of the enabling software.
This is a free “space available” workshop (with priority given to those with paid registration to the QAI/QAAM "Managing Projects Effectively in a Cost Constrained Economy" on September 21-22, 2009). The Security-Enhanced Quality Assurance, Software Testing and Project Management workshop is being sponsored by Keane Federal Systems. Registrants must request to attend the Wednesday session with an understanding that those registered for the QAAM 2-day conference have a priority for attending this September 23 session. Those who request to attend will be notified at a later time whether space is available.
Contact Francine Chase for more information: fchase@qaiworldwide.org, 1-866-724-6013
QAAM Workshop on Security-Enhanced Quality Assurance, Software Testing, and Project Management
| Time | Session | Presenter |
| --- | --- | --- |
| 8-9 a.m. | Continental Breakfast | |
| 9-9:15 a.m. | Opening Remarks | Susan Burgess, QAAM Conference Chair, Keane Federal Systems |
| 9:15-9:45 a.m. | Software Supply Chain Risk Management: Software Assurance Needs for Security-Enhanced Software Testing, Quality Assurance and Project Management | Joe Jarzombek, Director for Software Assurance, National Cyber Security Division (NCSD), Department of Homeland Security (DHS) |
| 9:45-10:30 a.m. | QAI Testing and Quality Certification Programs | Tom Ticknor, Chief Operating Officer, QAI Global Institute |
| 10:30-11 a.m. | Networking Break | |
| 11-11:30 a.m. | Software System Security Principles | Samuel T. Redwine Jr., Associate Professor, James Madison University |
| 11:30 a.m.-12:00 p.m. | Certification Schemas for Security | TBD, ISC2 |
| 12-1:15 p.m. | Lunch and Networking | |
| 1:30-1:45 p.m. | | Joe Jarzombek - Facilitator |
| 1:45-2:15 p.m. | Security-Enhanced Software Testing for QA Professionals | Sean Barnum, Principal Consultant, Cigital |
| 2:15-2:45 p.m. | Assurance in Industry Standards and Capability Maturity Models | Michele Moss, Booz Allen Hamilton |
| 2:45-3:15 p.m. | Break | |
| 3:15-3:45 p.m. | Software Assurance Measurements | Nadya Bartol, Senior Associate, Booz Allen Hamilton |
| 3:45-4:15 p.m. | Business Case for Security-Enhanced Practices in Enterprise Risk Management (facilitated discussion with workshop participants) | |
| 4:15-5 p.m. | Recommendations & Software Assurance Workshop Wrap-Up | |