Engineering a More Secure Software Organization
Defects are not an Option
Defects are Not an Option Today

• Over the past 15 years we have become globally connected through layers of systems, made up of trillions of lines of code.
• Those layers underlie every aspect of our way of life, from our personal entertainment to national defense.
• The inconvenient truth is that a security breakdown in any one of these layers could potentially lead to personal tragedy, or even unthinkable disaster.
Defects are Not an Option

• Nevertheless, in 2005 the President’s Information Technology Advisory Council (PITAC) found that “Commonly used ICT development and sustainment practices still permit dangerous defects that allow attackers to compromise millions of computers every year.”
• Worse, PITAC estimated that “in the future, the Nation may face even more challenging problems as adversaries – both foreign and domestic – become increasingly sophisticated in their ability to insert malicious code into critical software”.
• We have seen that prediction come true in the succeeding eight years.
• This discussion contains recommendations that will guide technology professionals in the creation of a comprehensive lifecycle management model.
• That model will incorporate well-defined management approaches into a standardized process to prevent the common defects in technology products.
Good Products from Good Processes

• It is axiomatic that a product will only be as good as the process that built it.
• Thus, any discussion about defects hinges on ensuring the capabilities of each product’s development and maintenance process throughout the lifecycle.
• The direct benefit of effective processes is that production will be more cost efficient and overall product quality will be higher.
• At the same time, leveraging the capability of the development, sustainment and acquisition processes will ensure fewer mistakes and less costly rework.
• Our premise is that the organization that follows a disciplined set of best practices is able to duplicate its successes as well as learn from its failures.
• That is because disciplined execution makes the outcomes of the process more reliably repeatable and therefore comparable across projects.
• Systematization of lifecycle practices based on repeatable, organization-wide processes imposes discipline and control over the software lifecycle.
• However, in order to ensure that those systematic practices are correct, it is important to base their definition on the recommendations of commonly accepted industry standards.
Standards and Best Practice

• Formal standards embody the model for the “common body of knowledge and accepted state of industry best practice”.
• A common body of industry best practice will also enable all stakeholders to know what is expected of them.
• Standards are important because they are the industry’s accepted means of documenting best practice.
• Standards encapsulate and then communicate a logical concept and the resulting approach to a particular aspect of “real world” work.
• Standards for a defined area of work are created and sponsored by recognized standards bodies.
ISO 12207 and Lifecycle Management

• The ISO 12207-2008 Standard provides a generic model that defines the ideal structure of the software process as a whole.
• In that sense it can serve as a stable basis for defining a lifecycle management framework that is applicable to any form of software operation.
• It also provides managers with the point of reference necessary to ensure that all regulatory and contractual requirements are met.
• 12207 provides a globally acknowledged basis to define and interrelate all of the large components of software activity.
• ISO 12207 covers the life cycle of software from conceptualization through retirement and consists of processes for
  – acquiring and supplying software products and services
  – establishing, enabling and supporting development
  – sustaining products and fostering reuse.
• The processes, activities and tasks itemized in the Standard are grouped into categories:
  – Agreement Processes
  – Organizational Project Enabling Processes
  – Project Processes
  – Technical Processes
  – Software Specific Processes
  – Software Support Processes
  – Software Reuse Processes
• An optimum approach can be engineered top-down for each individual product lifecycle using the 12207 framework.
• That is, an explicit process model can always be constructed for any given product lifecycle, at any level of definition, by tailoring the reference framework.
• The framework provides the consistent elements and structural relationships to allow for designing and implementing a detailed, real-world management approach at any desired level of application.
• Each category specifies from three to eleven lifecycle processes. Those processes are then further divided into a set of activities, and each activity is subdivided into tasks.
• The outcome of the tailoring process is a particular set of activities that become the instantiation of the ideal process recommendations of the standard.
• Because those elements are defined in concrete terms, they are particularly useful for coordinating complex activities.
Summary

• Managing a complex technical organization is a difficult task.
• That is because the technical process is complex and involves work on abstract entities such as software.
• Therefore it is difficult to oversee and control.
• The consistent application of a standard set of best practices to enforce visibility and control within the lifecycle lets managers substantively manage technology operations.
• ISO 12207-2008 itemizes those best practices within a comprehensive lifecycle framework.
• Therefore a thorough understanding of the recommendations of that framework will allow managers to design and deploy a well-defined and repeatable process architecture tailored to their organization.
• That architecture will help minimize defects and thereby ensure a safer and more secure lifecycle for the products and services within their technology organization.
Thank you for Your Attention
Course Tech 2013, Dan Shoemaker & Ken Sigler, Engineering a More Secure Software Organization
  • 11. ISO 12207 and Lifecycle Management • The ISO 12207-2008 Standard provides a generic model that defines the ideal structure of the software process as a whole. • In that sense it can serve as a stable basis for defining a lifecycle management framework that is applicable to any form of software operation. • It also provides managers with the point of reference necessary to ensure that all regulatory and contractual requirements are met.
  • 12. ISO 12207 and Lifecycle Management • 12207 provides a globally acknowledged basis to define and inter- relate all of the large components of software activity • ISO 12207 covers the life cycle of software from conceptualization through retirement and consists of processes for – acquiring and supplying software products and services – establishing, enabling and supporting development – sustaining products and fostering reuse.
  • 13. ISO 12207 and Lifecycle Management • The processes activities and tasks itemized in the Standard are grouped into categories – Agreement Processes – Organizational Project Enabling Processes – Project Processes – Technical Processes – Software Specific Processes – Software Support Processes – Software Reuse Processes
  • 14. ISO 12207 and Lifecycle Management • An optimum approach can be engineered top-down for each individual product lifecycle using the 12207 framework, • That is, an explicit process model can always be constructed for any given product lifecycle, at any level of definition by tailoring the reference framework • The framework provides the consistent elements and structural relationships to allow for designing and implementing a detailed, real-world management approach at any desired level of application.
  • 15. ISO 12207 and Lifecycle Management • Each category specifies from three to eleven lifecycle processes Those processes are then further divided into a set of activities and each activity is subdivided into tasks. • The outcome of the tailoring process is a particular set of activities that become the instantiation of the ideal process recommendations of the standard. • Because those elements are defined in concrete terms they are particularly useful for coordinating complex activities
  • 16. Summary • Managing a complex technical organization is a difficult task. • That is because the technical process is complex and involves work on abstract entities such as software • Therefore it is difficult to oversee and control. • The consistent application of a standard set of best practices to enforce visibility and control within the lifecycle lets managers substantively manage technology operations
  • 17. Summary • The ISO 12207-2008 itemizes those best practices within a comprehensive lifecycle framework • Therefore a thorough understanding of the recommendations of that framework will allow managers to design and deploy well-defined and repeatable process architecture tailored to their organization • That architecture will help minimize defects and thereby ensure a more safe and secure lifecycle for the products and services within their technology organization
  • 18. Thank you for Your Attention