Slides from Rochester Security Summit Keynote Online: The Need For Open Software Security Standards In A Mobile And Cloudy World

Slides from my keynote at the Rochester Security Summit are now online here:

The Need For Open Software Security Standards In A Mobile And Cloudy World


The title of the talk was “The Need For Open Software Security Standards In A Mobile And Cloudy World” and the abstract was:

The security landscape is changing and the security industry must adapt to stay relevant.  The economic and scale benefits of the cloud are causing organizations to move sensitive business processes and data outside of the safety of the corporate environment.  New business models and other opportunities to create value through innovation are moving sensitive data and code onto untrusted mobile devices.  Organizations are going to adopt these new cloud and mobile technologies and information security practitioners will be forced to evolve current models for risk management and mitigation.  This presentation discusses the need for open software security standards to support this evolution.  Being required to trust cloud service providers leads to a need for increased visibility into the software security practices of those providers.  In addition, reliance on these providers’ software as well as the requirement to place software in untrusted environments such as mobile devices creates a demand for better standards for evaluating the security state of complicated systems.  Many previous efforts have been focused on proprietary models that failed to provide sufficient insight or on models that lacked a level of technical rigor required to provide assurance.  The solutions to these issues are open standards that are based on the real risks organizations encounter when adopting cloud and mobile technologies and the presentation outlines potential paths forward that can provide risk managers with the assurances they need while also freeing up businesses to intelligently consume emerging technologies.

I had a great time at the conference and really appreciate the hospitality of the Rochester crew.

Contact us for help crafting your software assurance program.

–Dan

dan _at_ denimgroup.com

@danielcornell


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.