Page 1
An End to Testing Ourselves Secure?

Page 2
Why I’m Here

Page 3
Ground Rules

Page 4
This is a presentation discussion

Page 5
Let other people speak!

Page 6
15 minute time-boxed discussions, revisit parked issues at the end

Page 7
Framing the Problem

Page 8
[Chart: relative cost to fix, based on time of detection. X-axis (phase of detection): Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release. Y-axis (relative cost to fix): 1x, 6x, 11x, 16x, 21x, 26x, 31x, 36x. Source: NIST. Slide annotations: “Highest ROI”, “Where we find flaws today”, “Look familiar?”]

Page 9
February 2012 Report from Quocirca

Page 10
Results of an Open SAMM Assessment

Page 11
Discussion Question 1: Is there a problem with relying primarily on verification?
Isn’t static analysis a “good enough” solution?

Page 12
Discussion Question 2: Can we effectively scale training, threat modeling?

Page 13
Discussion Question 3: Can we effectively scale security requirements?

Page 14
Resources

Page 15
Learning from other process changes

Page 16
Cultural Challenges to Secure SDLC
• “Incompetent developer” challenge
• “Security is special” challenge
• Domain-specific vs. domain-agnostic
• Fitting a square peg into a round hole

Page 17
Conclusions?