Security is an incredibly hot topic these days in the embedded and IoT spaces. I recently moderated a panel session on the challenges that an IoT developer must face. Each question was somehow drawn into a discussion about security, as that’s what the attendees, a gathering of design engineers and developers, wanted to discuss.
Whether the topic is how do I secure my end device, my server, or the links between, the questions abound. Most “experts” have a solution, but unfortunately, they’re often different – and sometimes conflicting – solutions.
To continue to push for answers to these questions, Rogue Wave, Polarion Software, and Security Innovation are joining forces with software security experts James Ransome, Brook Schoenfield, and Murali Somanchy to host “Security at the source: Threat modeling and applied security architecture in Agile software development.” This is a half-day of interactive talks revolving around security, and it’s hosted by yours truly. The goal of the event is to provide specific intelligence on the state of security for your company, and arm you with information that you can act upon immediately. The event takes place on September 29, at 1:00 in Palo Alto, Calif.
The specifics you’ll learn include how to identify and remedy vulnerabilities early on in the software development life cycle; how to create policies for code management in integrated testing environments; how to ensure compliance to proven security standards by understanding what they mean; and how to integrate security and compliance testing with Agile development.
The three a forenamed experts clearly know what they’re talking about. Ransome is the Director of Product Security Architecture at Intel’s Security Group. Schoenfield is the Director of Product Security Architecture, also in Intel’s Security Group. He’s also the senior technical leader for software security across the division’s broad product portfolio. Somanchy is a Product Security Engineer at Qualcomm, where he oversees the company’s static analysis (SA) initiative. Among other things, this includes defining the SA strategy, custom bug hunts, mentoring developers to write secure code and performing root cause on security and quality incidents.
One of the more rambunctious events of the day will be a panel session, where we address the audience’s questions surrounding software security. Each of the panelists represent a different segment of the development chain, so it’ll be an “end-to-end” discussion. Aside from the three experts, the panel will include a staff engineer from Qualcomm, the CTO of Rogue Wave Software, a security engineer from Security Innovation, and a product manager from Polarion Software. And me, of course.