Heartbleed: Analysis, Thoughts, and Actions
On April 25, 2014, technical staff from the Software Engineering Institute (SEI) and Codenomicon participated in a live-streamed panel discussion on the impact of the Heartbleed OpenSSL vulnerability, along with methods to mitigate and even prevent crises like this in the future. Chris Clark, Security Engineer from Codenomicon, one of the cybersecurity organizations that discovered the Heartbleed vulnerability, joined members of SEI's technical staff from the CERT and Software Solutions divisions and from the SEI's Information Technology department. They discussed how software vulnerabilities like Heartbleed can be mitigated through the different phases of the secure software lifecycle using techniques available today. They also discussed how changes to our current software development and management techniques need to be managed to more effectively reduce the effects of incidents like Heartbleed.
About the Panelists
- Will Dormann is a software vulnerability analyst with the CERT Coordination Center (CERT/CC).
- Robert Seacord is a senior vulnerability analyst in the CERT® Division, where he leads the Secure Coding Initiative.
- Christopher Clark, a twenty-two-year veteran of the Information Technology world, is a Security Engineer at Codenomicon.
- Brent Kennedy is a member of the CERT® Division Cyber Security Assurance team, focusing on penetration testing operations and research.
- William Nichols is a senior member of the technical staff at the SEI and serves as a Team Software Process Mentor Coach.
- Jason McCormick is the Manager of Network and Infrastructure Engineering with SEI Information Technology Services.
- Robert Floodeen (Moderator) is the Technical Advisor to the Director for Carnegie Mellon University's Software Engineering Institute.
About the Speaker
Will Dormann is an SEI alumni employee.
Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and …
William "Bill" Nichols joined the SEI in 2006 as a senior member of the technical staff and served as a Personal Software Process (PSP) instructor and Team Software Process (TSP) coach. Before joining the SEI, Nichols led a software-development team at the Bettis Laboratory near Pittsburgh, where he had been …