Software Engineering Institute

On April 25, 2014, technical staff from the Software Engineering Institute (SEI) and Codenomicon participated in a live-streamed panel discussion on the impact of the Heartbleed OpenSSL vulnerability along with methods to mitigate and even prevent crises like this in the future. Chris Clark, Security Engineer from Codenomicon, one of the cybersecurity organizations that discovered the Heartbleed vulnerability, joined members of SEI's technical staff from the CERT and Software Solutions divisions and from the SEI's Information Technology department. They will be discussing how software vulnerabilities like Heartbleed can be mitigated through the different phases of the secure software lifecycle using techniques available today. They will also discuss how changes to our current software development and management techniques need to be managed to more effectively reduce the effects of incidents like Heartbleed.

About the Panelists

• Will Dormann is a software vulnerability analyst with the CERT Coordination Center (CERT/CC).

• Robert Seacord is a senior vulnerability analyst in the CERT®Division where he leads the Secure Coding Initiative.

• Christopher Clark, a twenty-two year veteran of the Information Technology world, is a Security Engineer at Codenomicon.

• Brent Kennedy is a member of the CERT®Division Cyber Security Assurance team focusing on penetration testing operations and research.

• William Nichols is a senior member of the technical staff at the SEI and serves as a Team Software Process Mentor Coach.

• Jason McCormick is the Manager of Network and Infrastructure Engineering with SEI Information Technology Services.

• Robert Floodeen (Moderator) is the Technical Advisor to the Director for Carnegie Mellon University's Software Engineering Institute.