Cyber-Assurance Ecosystem - Automation Activities For Securing The Enterprise


Presented at OWASP Appsec 2010 by

Whether you manage internal development activities, work with third-party developers, or are developing a COTS application for the enterprise, your mandate is clear: safeguard your code and make it resistant to exploitation. DHS's Software Assurance Program sponsors, through funding and tasking, the Common Vulnerabilities and Exposures (CVE®), Common Weakness Enumeration (CWE™), Open Vulnerability and Assessment Language (OVAL®), Common Attack Pattern Enumeration and Classification (CAPEC), and Malware Attribute Enumeration and Characterization (MAEC™) programs through MITRE. The CWE™ initiative is a dictionary of common software weaknesses in architecture, design, or code. It gives developers and security practitioners a shared vocabulary, serves as a standard measuring stick for software security tools targeting these weaknesses, and provides a common baseline for weakness identification, mitigation, and prevention efforts. Like the OWASP Top Ten, the 2010 SANS/CWE list of the Top 25 Most Dangerous Software Errors is widely discussed as the "standard" of due diligence for developing secure applications in many large enterprises. Based on a subset of the CWE, the Top 25 is used by government and industry in procurement language mandating application security.