Companies and governments increasingly realize that secure software is not a matter of rules, laws and oversight, but needs to be deeply embedded in services and organizations. Quality and security are not primarily specifications of software, but must be embedded in the agile software development process. In today's world, Agile, Scrum and DevOps are the leading paradigms for development and for shortening the delivery time of working software. Today there are companies that release new functionality several times an hour. This focus on delivery, in business software as well as in IoT/SCADA, mobile, medical and automotive software, is not without risk. If the process does not sufficiently cover security, there is an increased risk of successful hacks, exploits and other cyber-related events. The speaker explains how the approach taken by the SSA optimally matches the new insights from policy makers for developing secure software and services, in order to make products and online services safe. The Secure (Agile) Software Framework focuses on measures for secure agile software development, providing several controls and measures to apply during the software delivery cycle. The Secure (Agile) Software Framework will also be published during the One Conference. One of the contributors to the framework is the Centre for Information Security and Privacy Protection, which provides guidelines for (government) organizations on how to deal with the security of software from a customer perspective.
After the presentation, a government official (ministry EZK) and a project lead of Partnering Trust will be briefly interviewed about their view on the SSF with respect to the Roadmap Secure Digital Hard and Software; the relationship to government policy on cyber security and secure software development; and the cooperation with Partnering Trust, a private-public initiative with ECP, Zeker-Online and others that is part of the NL Government "Roadmap Digital Hard- and Software Security".


Time: 12:20