Secure Software by Design 2023
• Collection
Publisher
Software Engineering Institute
Abstract
SEI Secure Software by Design is intended to improve the state of this holistic secure development approach by bringing together thought leaders in this area for presentations and discussions on all aspects of secure software systems development. Topics include application threat modeling, development of security requirements, secure software architectures, DevSecOps, secure development platforms and pipelines, software assurance, secure coding practices, software testing, and more.
Collection Items
Threat Modeling with Model-Based Systems Engineering (MBSE)
• Presentation
By Nataliya Shevchenko, Brent Frye
In this presentation, the authors demonstrate an approach to extend the standard UAF Security Viewpoint with a Threat Modeling profile and Personal Viewpoint with an Involvement profile.
An Approach Applying Zero Trust in Acquisition
• Presentation
By Timothy Morrow
This presentation provides a brief description of what zero trust security is and the current set of guiding documents for implementing zero trust.
To Resiliency and Beyond!
• Presentation
By Matt Wiseman (Fathom5)
In this presentation, Matt Wiseman of Fathom5 shares insights on how to engineer survivable systems.
Acquisition Security Framework (ASF): Informing Software Bill of Materials (SBOM) Use Cases and Risk Reduction
• Presentation
By Carol Woody
In this presentation, the author discusses how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.
DevSecOps By Design: How to Incorporate Security and Compliance Earlier Than Testing and Scanning
• Presentation
By Taylor Trevor (Security Compass)
In this presentation, Trevor Young explores some new approaches to Threat Modeling and Developer Training that can ease teams into the integration of security and compliance early in the DevSecOps …
A Peek Behind the Curtain: Securely Maintaining a Development Platform
• Presentation
By Lyndsi A. Hughes, David Sweeney
In this talk, the authors discuss various components and capabilities of a development platform and consider how to ensure they are securely operated.
Building More Secure Software with Memory-Safe Programming Languages
• Presentation
By Shane Miller (Rust Foundation)
This presentation explains the security tradeoffs of memory-safe programming language choices.
Secure By Design & Secure By Default: CISA’s Path Forward
• Presentation
By Jack Cable (Cybersecurity and Infrastructure Security Agency)
In this presentation, the author discusses CISA’s next steps with Secure by Design and how you can be part of the journey.
Will Rust Solve Software Security?
• Presentation
By Joe Sible, David Svoboda, Garret Wassermann
In this presentation, the authors evaluate the Rust programming language from a cybersecurity perspective.