The up-to-date agenda can be found at: https://omg.org/events/2023Q2/agendas/SysAPTFCalendar.html
Tue 2023-06-20 | |||
13:00-15:00 | Joint Meeting with C4I on DevSecOps Standards Efforts | ||
Wed 2023-06-21 | |||
08:45-09:00 | Call-in Information | ||
| |||
09:00-09:15 | Gathering and agenda review | ||
Leading: Co-chair | |||
09:15-10:00 | Acquisition Security Framework (ASF): Informing Software Bill of Materials (SBOM) Use Cases and Risk Reduction | ||
Speaker: Dr. Carol S. Woody | |||
Abstract: Software Bill of Materials (SBOM) is gaining attention recently. By itself, an SBOM has limited value, but there is great potential if properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction. It provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the foundation for identifying SBOM practices, including building an SBOM and using it to manage risks to software-intensive systems. Those foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this presentation, we will show how organizations can connect SBOMs to acquisition and development to support improved system and software assurance. | |||
10:00-10:30 | Break | ||
10:30-11:00 | ISO 5055 Automated Source Code Quality Measures | ||
Speaker: Dr. Bill Curtis | |||
11:00-11:30 | Manual cybersecurity Practices considered harmful | ||
Speaker: Dr. Nick Mansourov | |||
11:30-12:00 | TBD | ||
12:00-13:00 | Lunch | ||
Generated at: 2023-06-26 23:00 US/Eastern