2012-02-22 CERIAS – Vulnerability Path and Assessment
Recorded: 02/22/2012, CERIAS Security Seminar at Purdue University

Vulnerability Path and Assessment

Ben Calloni, Lockheed Martin

US Government, Department of Defense, and Enterprise computer systems must be trusted to protect data with varying levels of sensitivity / security. Affordability requirements are driving the need to incorporate many diverse commercial software products of unknown quality and pedigree into said systems. While there exist many Static Code Analysis products, the depth, rigor, and coverage of these tools are incomplete and inconsistent. In addition, finding and eliminating computer flaws or weaknesses is not the same as determining true vulnerabilities. Further, there is significant cost reduction that can occur if automated support for establishing the case for trust and assurance can be achieved.

The collection of evolving standards known as the OMG Software Assurance (SwA) Ecosystem is supported and endorsed by AFRL, NIST, SEI, OSD/NII, and DHS Cyber Security Division, among others. The SwA Ecosystem defines several standard protocols to enable interoperability for tools, services and security researchers in developing, exchanging and utilizing machine-readable content (e.g., vulnerability patterns, enumerations, rules) for security assurance of existing software-based systems. This standard-based plug-and-play framework integrates software analysis and data mining tools and facilitates a highly automated, fact-oriented approach to assurance by providing …
