tspsymposium2014 has ended
Wednesday, November 5 • 10:35am - 12:00pm
The Internet of Things and Insecure Design


Since its inception in 1988, the CERT Coordination Center (CERT/CC) has been analyzing and coordinating software vulnerabilities. The CERT/CC’s vulnerability response process includes discovering and reporting, analyzing, coordinating with vendors (software development organizations), and public disclosure. The results of this work are documented in the Vulnerability Notes Database. One observation highlights a disconnect between software engineering, design, and development practices and constantly evolving threats posed to highly interconnected software and systems.

The CERT/CC contributed to the Data-Driven Software Assurance (DDSA) project recently published by the SEI. A significant area of the DDSA research investigated operational vulnerabilities that “likely had their origins early in the life cycle, in the requirements and design phases.” To give one example, the lack of threat modeling, particularly in emerging domains, leads to insecurity.

This session will provide background on and examples of the life cycle of vulnerabilities, with the goal of improving the connection between software development and increased operational security. The session will also highlight design-related causes of vulnerabilities and software security issues affecting the growing “Internet of Things.”


Art Manion

Carnegie Mellon Software Engineering Institute
Art Manion is a senior member of the Vulnerability Analysis team in the CERT Coordination Center at the Software Engineering Institute (SEI). He has studied vulnerabilities and coordinated responsible disclosure efforts since joining CERT in 2001, where he gained mild notoriety for...

Wednesday November 5, 2014 10:35am - 12:00pm EST
Grand Station Ballroom 5