
Security Across the Software Development Life Cycle

Task force members have considered how to achieve meaningful and measurable vulnerability reductions through collaborative standards, tools and measures for software; new tools and methods for rapid patch deployment; and best-practice adoption across the entire critical infrastructure. The work has included discussion of how to build — and how to teach building — secure software from the ground up, as an embedded and simple feature in all software systems going forward. This important task force is composed of software experts from the vendor, systems integration and end-user communities.

Executive Summary (PDF)
Full Report (PDF)

Software Subgroup Appendix (PDF)

Co-Chairs:

  • Ron Moritz, Computer Associates
  • Scott Charney, Microsoft

Secretariat:

  • Robert Holleyman, President and CEO, Business Software Alliance (BSA)

Members:

Leslie Beach, SRA

Terry Benzel, Information Sciences Institute/University of Southern California

Fred Cohen, Burton Group

Jack Danahy, Ounce Labs, Inc.

Noopur Davis, Software Engineering Institute

Kenneth Dill, PivX Solutions, Inc.

Read Fleming, SH&E, International Air Transport Consultancy

Dana Foat, Defense-wide Information Assurance Program

Richard George, National Security Agency

Eric Guerrino, Bank of New York

Watts Humphrey, Software Engineering Institute

Lalita Jagadeesan, Lucent Technologies

Joe Jarzombek, Office of Assistant Secretary of Defense

Kwang Kim, AlphaInsight Corporation

James Lewis, Center for Strategic and International Studies

Steve Lipner, Microsoft

Paul Lloyd, Hewlett Packard

Keith Millar, Hewlett Packard

Will Ozier, ISSA – GAIP Executive Committee

Jeffrey Payne, Cigital, Inc.

Sam Redwine, James Madison University

Phil Reitinger, Microsoft

Thomas Santaniello, CompTIA

Keith Schwalm, Good Harbor

Geoff Shively, PivX Solutions, Inc.

Madhavan Vasudevan, Sand Hill Group

Srinivasa Venkataraman, Appstream Inc.

Peggy Weigle, Sanctum

Ulrich Werner, SAP

Gerlinde Zibulski, SAP Labs