Thursday, 13 January 2011
Fortify at RSA Conference 2011
We here in the Fortify corner of HP will be giving several talks at the RSA Conference 2011 in San Francisco next month and I wanted to take an opportunity to tell you about two of them that excite me the most.
At 10:00AM on Wednesday 2/16 I’ll deliver a talk titled The Evolution of Software Security Assurance and Its Relevance Today. We all know secure software means threat modeling, code review, penetration testing, and a plethora of other activities we take for granted. Right? Starting with Saltzer and Schroeder, this talk explores the origins, evolution, and use of these activities and others. Throughout, we share deployment experience and relate the discussion to living standards, such as Microsoft SDL, OWASP Top 10, and PCI DSS.
Immediately following my talk, at 11:10AM (still Wednesday 2/16), Brian Chess and I will continue the tradition we started with the Iron Chef series of security competitions (conducted at Black Hat shows past) by leading a panel of experts in Extreme Makeover: Open Source Edition. In the spirit of ABC's reality TV show, we will bring the combined experience of our panel to bear on a critique of the open source project’s security. This lighthearted session is for newbies who want to watch a real live dissection take place and pros who need a dose of schadenfreude.







