Secure Software Development Landscape
Software Engineering Institute
Last summer's Wired article describing vulnerabilities in the Jeep shows that software is being created and deployed with exploitable, yet avoidable, security flaws. So far, the automotive attacks have been largely demonstrations. However, successful cyber-attacks have been carried out on steel furnaces in Germany and the electrical grid in Ukraine. Insecurely written software in cyber-physical systems places people and property in jeopardy. Fortunately, there are many techniques available to those building software for cyber physical systems that can greatly reduce their vulnerability. This talk starts with an in-depth review of the Jeep scenario. It then examines how security can be introduced throughout the software development lifecycle to blunt such vulnerabilities.
About the Speaker
Dr. Mark Sherman is the Technical Director of the Cyber Security Foundations group in the SEI's CERT® Division at the Carnegie Mellon University Software Engineering Institute. His team focuses on foundational research on the life cycle for building secure software and on data-driven analysis of cybersecurity. Prior to joining CERT, …Read more