Wednesday, November 5 • 9:35am - 10:15am
Insider Threats in the Software Development Life Cycle

The software development life cycle presents a wide array of attack vectors for malicious insiders. The software produced, and its associated artifacts, are assets that an organization must protect. The data collected by or entered into software can be the target of theft, tampering, and other types of malicious activity. The business processes automated by software can be severely impacted when software is faulty or services are unavailable. Through the CERT Division's insider threat research, we have collected numerous cases in which insiders exploited vulnerabilities in software development processes to cause harm to their organizations. In this presentation, we discuss patterns and trends in these cases, focusing on similarities in attack techniques, targets, and motivations. We also present mitigation strategies for commonly exploited vulnerabilities and make the case for the creation of a secure software development process as a critical piece of a robust insider threat program.

Daniel Costa

Carnegie Mellon Software Engineering Institute
Daniel Costa is a Cyber Security Solutions Developer in the Cyber Security Solutions (CS2) Directorate of the CERT Division at the Carnegie Mellon Software Engineering Institute. Dan designs, develops, and transitions tools, solutions, and exercises that support the missions of CS2 and the CERT Division. Prior to joining the CERT Division, Dan was a Software Engineer at Applied Programming Technology, Inc., a company that develops nuclear...
Randall Trzeciak

Carnegie Mellon Software Engineering Institute
Randy Trzeciak is Technical Manager of the CERT Division’s Enterprise Threat and Vulnerability Management Team and the CERT Insider Threat Center at the Carnegie Mellon Software Engineering Institute. The team assists organizations in improving their security posture and incident response capability by researching technical threat areas; developing and conducting information security assessments; and providing information, solutions, and...

Wednesday November 5, 2014 9:35am - 10:15am
Grand Station Ballroom 5