CISQ Hosts September 10 Webinar: Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle
Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, Synopsys, Inc.
Date: September 10, 2018 from 2:00 – 3:00pm ET (check your time zone)
This CISQ webinar is brought to you by our sponsor, Synopsys
As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of software-reliant, connected devices of many types throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.
Attendees will learn:
- How external dependencies create risks throughout the IoT/software supply chain;
- How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
- How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.
The webinar presentation will be available on this webpage to view or download after the event.
The Consortium for Information & Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing a computable metrics standard for measuring software quality and size. Founded by the Object Management Group (OMG) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. CISQ is sponsored by Accenture, Atos, CAST, Huawei, and WIPRO.
Note to editors: For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.