1 / 12

Convener’s Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V

Convener’s Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V. Jim Moore Convener, ISO/IEC JTC 1/SC 22/OWG Vulnerability James.W.Moore@ieee.org. Cyber Security is a Growing Problem. -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS. Threat.

rane
Download Presentation

Convener’s Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Convener’s Remarks, Meeting #1 of ISO/IEC JTC 1/SC 22/OWG:V Jim MooreConvener, ISO/IEC JTC 1/SC 22/OWG Vulnerability James.W.Moore@ieee.org For OWGV Meeting #1, 2006 June, Washington, DC, USA

  2. Cyber Security is a Growing Problem -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS For OWGV Meeting #1, 2006 June, Washington, DC, USA

  3. Threat • The problem has implications for: • Safety • Privacy • Security • Economy • Even national security -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS For OWGV Meeting #1, 2006 June, Washington, DC, USA

  4. Government Response There are initiatives underway in the US, in both Defense and Homeland Security. -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS For OWGV Meeting #1, 2006 June, Washington, DC, USA

  5. Relationship of Software Assurance to Other Disciplines For OWGV Meeting #1, 2006 June, Washington, DC, USA

  6. Relationship of Software Assurance to Other Disciplines Some “avoidable mistakes” are encouraged by poor usage (arguably, poor design) of programming languages. For OWGV Meeting #1, 2006 June, Washington, DC, USA

  7. Any programming language has constructs that are imperfectly defined, implementation-dependent or difficult to use correctly. As a result, software programs sometimes execute differently than intended by the writer. In some cases, these vulnerabilities can be exploited by unfriendly parties. Can compromise safety, security and privacy. Can be used to make additional attacks. Problem For OWGV Meeting #1, 2006 June, Washington, DC, USA

  8. The choice of programming language for a project is not solely a technical decision and is not made solely by software engineers. Some vulnerabilities cannot be mitigated by better use of the language but require mitigation by other methods, e.g. review, static analysis. Complicating Factors For OWGV Meeting #1, 2006 June, Washington, DC, USA

  9. ISO IEC TC176 JTC1 TC65 Quality Mgmt Safety SC22 SC7 SC27 Programming Languages Software and Systems Engineering IT Security Relevant International Standards Committees For OWGV Meeting #1, 2006 June, Washington, DC, USA

  10. John Hill, Chair, ISO/IEC JTC 1/SC 22 Sally Seitz (ANSI), Secretariat, SC 22 Jim Moore, Convener, SC 22/OWGV John Benito, Co-Convener, SC 22/OWGV Secretary ? Project Editor ? Officers For OWGV Meeting #1, 2006 June, Washington, DC, USA

  11. Participation For OWGV Meeting #1, 2006 June, Washington, DC, USA

  12. Progress For OWGV Meeting #1, 2006 June, Washington, DC, USA

More Related