Abstract Details

9/27/2017 | 2:00 PM - 2:45 PM

Reducing Software Vulnerabilities – The “Vital Few” Process and Product Metrics

Summary: In this presentation, we show the combined impact of high maturity processes and disciplined agile teams on secure software development. We share real world data: nearly zero security incidents attributable to poor quality software.

Details: Defective software is insecure. We demonstrate how disciplined agile teams consistently deliver substantially defect-free software on predictable cost and schedule by making quality the number one goal of every project. The teams build security in throughout the life cycle and do not rely on testing alone for defect removal. Customer benefits include a dramatically reduced number of security incidents attributable to poor quality software code and reduced operations and maintenance costs. While time to market is important, managers must also empower developers with the skills, training and certification needed to deliver products with fewer vulnerabilities the first time around. We share real world cost, schedule and quality data to illustrate.

Take-aways include:

- Comprehend the impact of common violations of good coding practices on security and maintainability
- Understand how to ensure that software code has zero Top 25 most dangerous security violations early in the lifecycle
- Understand how “excellent” code can reduce maintenance cost to as little as 3 to 5 percent of development cost
- Understand the cause of suboptimal results such as a “deliver now, fix later” culture, unacceptable increases in technical debt and total ownership cost in many “agile” projects
- Understand how a high maturity optimizing process provides the “vital few” process and product metrics to help agile teams reduce software vulnerabilities
- Understand how to build and maintain agile software development teams and achieve results better than the best in class


Girish Seshagiri (Primary Presenter), Ishpi Information Technologies, Inc., girish.seshagiri@ishpi.net;
Girish Seshagiri is a globally recognized thought leader in software assurance, software quality management, secure software development, software process improvement, and modern methods of managing knowledge work. Girish is the architect of several disruptive technology innovations and strategic initiatives, including: High Velocity Development (a hybrid agile development process), firm fixed price performance-based software development contracting, and software quality guaranteed by lifetime warranty against defects. He is the author of the white paper “Emerging Cyber Threats Call for a Change in the ‘Deliver Now, Fix Later’ Culture of Software Development”. Girish, an early adopter of the Dual Vocational Training Model for skills formation and a staunch advocate of regional secure software workforce development, is currently providing the founding organizational leadership to the national roll-out of the Community Initiative Center of Excellence for Secure Software (CICESS). Girish has an MBA (Marketing) from Michigan State University.

2017 Sponsors: IEEE and IEEE Computer Society