tspsymposium2014 has ended
Wednesday, November 5 • 9:35am - 10:15am
Insider Threats in the Software Development Life Cycle

The software development life cycle presents a wide array of attack vectors for malicious insiders. The software produced, and its associated artifacts, are assets that an organization must protect. The data collected by or entered into software can be the target of theft, tampering, and other types of malicious activity. The business processes automated by software can be severely impacted when software is faulty or services are unavailable. Through the CERT Division's insider threat research, we have collected numerous cases in which insiders exploited vulnerabilities in software development processes to cause harm to their organizations. In this presentation, we discuss patterns and trends in these cases, focusing on similarities in attack techniques, targets, and motivations. We also present mitigation strategies for commonly exploited vulnerabilities and make the case for the creation of a secure software development process as a critical piece of a robust insider threat program.

Speakers
Daniel Costa

Carnegie Mellon Software Engineering Institute
Daniel Costa is a Cyber Security Solutions Developer in the Cyber Security Solutions (CS2) Directorate of the CERT Division at the Carnegie Mellon Software Engineering Institute. Dan designs, develops, and transitions tools, solutions, and exercises that support the missions of CS2...
Randall Trzeciak

Carnegie Mellon Software Engineering Institute
Randy Trzeciak is Technical Manager of the CERT Division’s Enterprise Threat and Vulnerability Management Team and the CERT Insider Threat Center at the Carnegie Mellon Software Engineering Institute. The team assists organizations in improving their security posture and incident...


Wednesday November 5, 2014 9:35am - 10:15am EST
Grand Station Ballroom 5