search menu icon-carat-right cmu-wordmark

Secure Software by Design Event Opens Call for Presentations and Registration

Secure Software by Design Event Opens Call for Presentations and Registration
Press Release

Pittsburgh, Pa., March 9, 2023—The CERT Division of the Carnegie Mellon University Software Engineering Institute (SEI) today announced registration and a call for presentations for Secure Software by Design, a two-day live, in-person event on June 12 and 13 at the SEI’s Arlington, Va., location.

The SEI has been in the forefront of secure software development, promoting a “shift left” approach whereby security weaknesses are addressed, prevented, or eliminated earlier in the software development cycle, which saves time and money. Building on this research in support of the newly released National Cybersecurity Strategy, the Secure Software by Design event promotes making security an integral aspect of the entire software lifecycle as a result of following deliberate, intentional engineering processes rather than addressing security in individual stages as one-off activities.

This event also supports the many efforts underway at the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) and addresses the issues that CISA Director Jen Easterly spoke about during her recent address to the nation from CMU. “Technology providers and software developers must take ownership of their customer’s security outcomes rather than treating each product as if it carries an implicit caveat emptor. To achieve this, every technology provider must begin by creating products that are both secure by default and secure by design,” said Easterly.

Secure Software by Design is intended to improve the state of secure development approaches by bringing together thought leaders in this area for presentations and discussions on all aspects of software-intensive system development,” said Tim Chick, Applied Systems Group lead in the SEI CERT Division. “This event will discuss application threat modeling, development of security requirements, secure software architectures, DevSecOps, secure development platforms and pipelines, software assurance, secure coding practices, software testing, and more.”

For more information about registration and call for presentations, visit the conference website at Deadline for the call for presentations is April 14.