Friday, May 22 • 09:50 - 10:35
Security Touchpoints When Acquiring Software

When the need arises for a certain functionality that can be delivered by software, organizations that have development resources with enough capacity have to decide whether to build it or buy it. Such a decision should be based on a cost-benefit analysis, and the resulting software should meet the security needs of the organization. To achieve the latter, Gary McGraw's Building Security In (1) argues for security to be built into every stage of the software development lifecycle through specific security touchpoints. However, if the decision is to buy the software, do those touchpoints still apply?

We postulate that those touchpoints remain relevant when acquiring software, albeit in a different scope and in some cases to a lesser extent. We present a process for software acquisition that resembles the one for software development and thus allows the security touchpoints to be applied.

Nadim Barsoum

Nadim Barsoum is a senior software security consultant who has worked for 12 years in the software industry, focused on the IT compliance needs of governmental institutions, private sector enterprises and banks. Nadim has helped organisations around the globe to plan, resource...
Carsten Huth

Dr. Carsten Huth joined the HP Fortify Professional Services team in 2009, which he now leads. He has consulted with Fortify SCA customers across Europe, and has delivered security assessments and trainings on topics including defensive programming, secure design, and Fortify...
Dawid Sroka

Software Security Consultant, HP Fortify
Dawid Sroka joined the HP Fortify Professional Services team in 2012. Across Europe he has helped customers initially deploying Fortify SCA and has consulted with them to define their solution and use the software efficiently. Prior to HP Fortify, Dawid had 13 years' technical consulting...

Friday May 22, 2015 09:50 - 10:35
Room E103 Amsterdam RAI