Virginia, March 10, 2010 – Jay Bavisi, LLB, co-founder and president of EC-Council, recently presented his organization’s findings on the current software assurance environment – both problems and opportunities – at the 12th Semi-Annual Software Assurance Forum.
Bavisi shared the panel with Steve Lipner, Microsoft’s senior director of security engineering strategy, and Dr. Richard H.L. Marshall, Department of Homeland Security, director of global cyber security management. The panel identified and discussed gaps and opportunities in the current software assurance landscape and debated the reliability of various knowledge resources being developed and made available by leading organizations and governments.
“Better software assurance is vital to U.S. cyber security as well as our global digital society,” Bavisi said. “By hardening software in advance, we can reduce the ‘vulnerability gap’ that occurs between a known security flaw and the release of a patch, thus improving e-commerce, government security, and consumer confidence in the digital universe. EC-Council plays an active role in helping the information security community seek ways to reduce software vulnerabilities and minimize exploitation – and we regularly make available our diagnostic expertise to software developers and governments in order to analyze these systems for exploitable weaknesses.”
“Software development needs to be informed by incident response; it needs threat modeling and application penetrating testing,” said Joe Jarzombek, PMP, CSSLP, director of the Software Assurance Forum. “Secure coding is needed to avoid exploitable weaknesses being introduced.”
The March 9-12 Software Assurance Forum was co-sponsored by organizations in the Department of Homeland Security (DHS), Department of Defense (DoD) and the National Institute for Standards & Technology (NIST). The forum was attended by various members of the U.S. Department of Homeland Security, the Department of Defense and US-CERT, and by representatives from leading industry software manufacturers as well as from academia. The Software Assurance Forum aims to encourage software developers to be proactive in raising overall software security and quality from inception instead of relying on reactive approaches such as applying patches after software vulnerabilities are found.
For more information about the Software Assurance Forum, visit: https://buildsecurityin.us-cert.gov/swa/index.html
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 60,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).
EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
For more information about EC-Council, visit the website: www.eccouncil.org
The United States Department of Homeland Security (DHS) is a Cabinet department of the United States federal government with the primary responsibilities of protecting the territory of the U.S. from threats ranging from cybersecurity analyst to chemical facility inspector. DHS upholds aviation and border security and responds to natural disasters.
US-CERT is charged with providing response support and defense against cyber attacks for the Federal Civil Executive Branch (.gov), and with information sharing and collaboration with state and local government, industry and international partners. It interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public. US-CERT also provides a way for citizens, businesses, and other institutions to communicate and coordinate directly with the United States government about cyber security.
About Software Assurance Forum
The key objective of the Software Assurance Forum is to shift the security paradigm from patch management to software assurance. This shift is designed to encourage software developers to raise overall software quality and security from the start, rather than relying on applying patches to systems after vulnerabilities are discovered.
The intent of this Forum is to continue to bring together members of government, industry, and academia with vested interests in software assurance to discuss and promote integrity, security, and reliability in software. Progress updates on relevant programs and initiatives will also be presented. If you are developing practical solutions to problems related to examining alternatives for mitigating software-attributable security risks that affect both government and industry, you will benefit from attending the Software Assurance Forum.