Jeremy Epstein
Thu, 01 Jan 2009 09:14:46 -0800
Colleagues,

Happy new year! The January meeting will be held on the traditional second Thursday, Jan 8, 6pm to about 830pm. If you're coming, please RSVP to me, and I'll get you on the visitors list at Booz Allen.

Without further ado, we have two great talks lined up. Mike Boberski will speak about the OWASP ASVS project, and Michele Moss will speak about assurance practices in CMMI. Mike and Michele both work for Booz Allen; I welcome speakers from other companies to step forward as well!

-----

"About OWASP ASVS"

The primary aim of the OWASP ASVS Project is to normalize the range of coverage and level of rigor available in the market when it comes to performing application-level security verification. The goal is to create a set of commercially-workable open standards that are tailored to specific web-based technologies.

Mike Boberski works at Booz Allen Hamilton. He has a background in application security and the use of cryptography by applications. He is experienced in trusted product evaluation, security-related software development and integration, and cryptomodule testing. For OWASP, he is the project lead and a co-author of the OWASP Application Security Verification Standard, the first OWASP standard.

"Evolutions In The Relationship Between Application Security And The CMMI"

Addressing new and complex threats and IT security challenges requires repeatable, reliable, rapid, and cost effective solutions. To implement these solutions, organizations have begun to align their security improvement efforts with their system and software development practices. During a "Birds of a Feather" at the March 2007 SEPG, a group of industry representatives initiated an effort which led to the definition of assurance practices that can be applied in the context of the CMMI. This presentation will provide an understanding of how applying the assurance practices in the context of security contributes to the overall increased quality of products and services, illustrate how a focus on assurance in the context of CMMI practices is related to application security practices, and present an approach to evaluate and improve the repeatability and reliability of assurance practices.

Michele Moss, CISSP, is a security engineer with more than 12 years of experience in process improvement. She specializes in integrating assurance processes and practices into project lifecycles. Michele is the Co-Chair of the DHS Software Assurance Working Group on Processes & Practices. She has assisted numerous organizations with maturing their information technology, information assurance, project management, and support practices through the use of the capability maturity models including the CMMI, and the SSE-CMM. She is one of the key contributors in an effort to apply an assurance focus to CMMI.

-----

Location, etc:

Booz Allen Hamilton
One Dulles Center
13200 Woodland Park Road
Herndon VA 20171 USA

600pm - 830pm (or so)

As always, there will be pizza (small donation requested to offset the cost).

See you on the 8th!

--Jeremy

--
Jeremy Epstein
Principal Consultant, Cigital
703-404-5740 (O), 703-989-8907 (M), http://www.cigital.com/
Software Confidence. Achieved.