Secure Code Development
Doug Smith - Northrop Grumman
Sep 06, 2017
AbstractCurrent and recent events make it clear that cybersecurity requires defense in depth. Software development is both an early opportunity to begin the defense, and the source of many commonly exploited security vulnerabilities. Preventing coding errors and eliminating security flaws during development is an effective way to reduce security risks. This presentation promotes awareness among software practitioners of the how and why to do secure code development and software assurance, covering:
· Software Assurance Definitions
· Software Assurance Threat
· Software Assurance Guidance and Regulations
· Secure Coding Activities
· Classic Vulnerability Examples
About the SpeakerDoug Smith is a Technical Fellow and Manager of Engineering for Northrop Grumman Technology Services, providing engineering support to projects and leading the Systems and Modernization Services Division’s engineering staff development programs as well as Agile and DevOps engineering improvement initiatives. Previously, Doug served as a software engineer, systems engineering manager, and program manager. He has more than 25 years of experience in software development.
Doug received a Master of Science in Computer Science from the Naval Postgraduate School and was graduated Magna Cum Laude from Duke University with a Bachelor of Science in Computer Science. He is a veteran of the Marine Corps, a Lean Six Sigma Black Belt, co-author of the John Wiley book, "Practical Support for Lean Six Sigma Software Process Definition", and Subject Matter Expert for the IEEE Computer Society’s “Certified Software Development Associate” (CSDA) Learning System.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.