Software Security: Game Day. - Evan Oslick @eoslick (BSides Delaware 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)


Most people in Application Security talk about business risk and potential ROI when trying to drive organizations towards implementation of a software assurance program. They'll speak to architecture reviews/threat modeling, static analysis (aka: code reviews or white box testing), dynamic analysis (aka: vulnerability assessments), and pen testing. They'll refer to charts noting the cost of fixing defects earlier vs. later in the process. More often than not, they'll refer to software security vulns as 50% flaws (architecture) and 50% bugs (code). The purpose of this talk is to provide an alternative (not different or better) approach to discussing software assurance. Sports is a huge business (recreational, college, pro, high school, any level). The process of game day preparation is one of teamwork: it involves coaches, players, trainers, medical staff, and equipment managers. While fans don't see a lot of the underlying parts, it is the teams that run more efficiently which win championships. Through interaction with the audience, various movie clips, and demonstrations, I will show how each step of the software assurance process maps quite nicely to that game day process.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast