Conference:  SupplyChainSecurityCon 2022

Authors: Don Vosburg, Aaron Conklin

2022-06-22

The presentation discusses the importance of software security in organizations and how to maintain it while reducing the surface area. It emphasizes the need for partnering with companies that specialize in security to handle the burden. The presentation also covers key concepts of security such as confidentiality, integrity, availability, authenticity, non-repudiation, accountability, and anonymity. The speaker highlights the ebb and flow between openness and closeness needed for a functional environment and security. The presentation also discusses security certifications and standards such as Common Criteria, NIAP, DISA's Security Technology Information Guides, Phipps 140.3 Standard, and CIS Benchmarks.

• Partnering with companies that specialize in security can help reduce the burden of maintaining software security while still ensuring overall security
• Key concepts of security include confidentiality, integrity, availability, authenticity, non-repudiation, accountability, and anonymity
• There is an ebb and flow between openness and closeness needed for a functional environment and security
• Security certifications and standards such as Common Criteria, NIAP, DISA's Security Technology Information Guides, Phipps 140.3 Standard, and CIS Benchmarks are important for maintaining software security