Abstract Details

<< Back to Schedule

10/14/2015  |   1:15 PM - 2:00 PM   |  Pacific II

Static Analysis Security Testing - Current state and future direction

The goal of this presentation is to introduce the audience to the current state of the static analysis marketplace, common challenges faced by software security practitioners when rolling out enterprise-scale static analysis programs, and pointers on future direction. The intention is not just to improve awareness on an increasingly popular domain within the software security space, but to educate program owners on how to choose between the different options available in the market. The presentation will be useful to anyone that is interested in software security (especially, static analysis). This includes folks that currently run static analysis programs in their organizations, as well as those interested in investing in static analysis tools / solutions. This presentation provides a holistic view of how the industry has taken its shape over the past decade, and what organizations need to know when planning for a new static analysis initiative. This presentation is an organized discourse on the following topic areas based on over six years of practical static analysis deployment and consulting experience: ? Industry trend in static analysis over the past decade ? Phase I – 2005-2009 – Developer static analysis ? Phase II – 2010-2012 – Centralized service bureau ? Phase II – 2013-2014 – Scalable managed services ? Current state of the industry ? Current shift towards managed services ? Three reasons why many static analysis programs fail ? Principles behind highly effective static analysis programs ? Based on lessons learnt from working with over 25 static analysis programs ? Real-world case studies from the world’s largest static analysis deployments ? Future direction (2015-2017) ? Static analysis in Agile development ? Static analysis in the middle market

This presentation has not yet been uploaded.

No handouts have been uploaded.

Aravind Venkataraman (Primary Presenter), Cigital, avenkataraman@cigital.com;
Mr. Aravind Venkataraman is the Director of Cigital’s Static Analysis practice. He has over 8 years of experience in software security and network security. At Cigital (www.cigital.com), he has spent the past 6 years helping a number of Fortune 100 companies build and run software security practices. He has performed planning, advisory and operational roles in building such practices. He specializes in deploying static analysis programs. He has helped several organizations deploy and run static analysis capabilities of different sizes and shapes. He presently plays a technical leadership and program advisory role both for internal staff and clients based out of Washington DC.

2013 Sponsors: IEEE and IEEE Computer Society