The push for more and better application security bumps up against another trend: data ambition.
- Ryan Berg, the CSO of the firm Sonatype, will give a talk on Thursday titled “The Game of Hide and Seek, Hidden Risks in Modern Software Development.” Berg notes that modern software development is heavily componentized, resulting in software that is more “assembled than built.” Among other things, Berg will be talking about research he’s done into global software supply chain risks and how to adapt standard infosec approaches to the new world of modular, outsourced software development.
- Panel: “Evaluating the Security of Purchased Software: Can We Find Common Ground?” I’d be remiss if I didn’t also call attention to the session on assessing the security of third-party software. This panel, which features Veracode’s own Chris Wysopal, will echo some of the same issues we raised in our discussion of software security, Talking Code. The issues facing organizations that consume software, including software as a service, are complex. Chris will be joined by Howard Schmidt of Ridge-Schmidt Cyber (former White House cyber security czar); Steven Lipner, Microsoft’s Director of Software Security; Nadya Bartol, the Senior Cybersecurity Strategist at the Utilities Telecom Council; and Eric Baize, the senior director of EMC’s Product Security Office.