Keynote: Innovative R&D – A True Enabler For Achieving Security Testing “At-Speed”
Advancing the state of the art and the state of practice plays a key role in improving the speed and accuracy of security testing in the software development process. Many security technologies that are designed to find weaknesses and vulnerabilities in software have not kept pace with modern software development. As a result, many organizations are finding it increasingly difficult to achieve security “at-speed”. Poorly performing tools that generate too many false positives, require a considerable amount of tuning and automation, and offer limited attack surface coverage clog up the CI/CD pipeline. This is a pivotal point where a trade-off is often made between speed and security.
In this talk you will hear about innovative research and development targeted at advancing software assurance tools, technologies and capabilities to keep pace with modern software development. In particular, this talk will cover R&D advancements in static analysis, improvements to MITRE’s Common Weakness Enumeration (CWE), mobile application testing, hybrid analysis, automated threat modeling, and I can’t forget the Software Assurance Marketplace (SWAMP). All of these are designed to help organizations integrate security more seamlessly into the software development process, while lowering the bar for organizations to formalize software assurance early and often in the software development process through continuous assurance.