Secure Software by Design Event Announces Agenda
June 2, 2023—The CERT Division of the Carnegie Mellon University (CMU) Software Engineering Institute (SEI) today announced the program of presentations for Secure Software by Design, a two-day live, in-person event on June 12 and 13 at the SEI’s Arlington, Virginia, location.
The Secure Software by Design event will promote making security an integral aspect of the entire software lifecycle as a result of following deliberate, intentional engineering processes rather than addressing security in individual stages as one-off activities. Over two days, experts from the CERT Division and industry will deliver presentations and foster discussion on many aspects of software-intensive system development:
- memory-safe programming languages
- Rust for software security
- building secure infrastructure and infrastructure as code
- threat modeling with model-based systems engineering
- zero trust in acquisitions
- incorporating security and compliance early via DevSecOps
- securing machine-learning systems
- securely maintaining a development platform
- the Cybersecurity and Infrastructure Security Agency (CISA) path to secure by design
- engineering survivable systems
- Acquisition Security Framework and Software Bill of Materials (SBOM)
Greg Touhill, director of the SEI’s CERT Division, will deliver the keynote address, “Secure by Design, Secure by Default.” Joseph Bradley, executive director of the Cyber Resiliency Office for Weapon Systems (CROWS) in the U.S. Air Force, will give a second keynote address, “Zero Trust and Weapon Systems—The Way Ahead.”
The SEI has been at the forefront of secure software development, promoting a “shift left” approach to address, prevent, or eliminate security weaknesses earlier in the software development cycle, which saves time and money. The Secure Software by Design event supports the National Cybersecurity Strategy as well as efforts at the U.S. Department of Homeland Security (DHS) CISA. It addresses the issues that CISA Director Jen Easterly spoke about during her address to the nation from CMU, where she urged technology providers to create products that are both secure by default and by design.