OWASP AppSec DC 2012/Case Study How New Software Assurance Policy Reduces Risk and Costs

The Presentation
Government leaders are operating on reduced budgets and uncertain futures. In this session, we will discuss the costs associated with current software assurance practices and present new research on how a software security assurance (SSA) program, supported by policy and contracting, translates into reduced risk and development costs. In this joint session, John Keane, title, Military Health Services (the largest hospital system in the U.S.), and Rob Roy, Federal CTO, HP Enterprise Security Group, will share the secrets for obtaining consensus among senior management for a high-profile and successful SSA project. They will also discuss bridging the gap between government contractors and vendors when it comes to software quality. Learn what requirements MHS has set for its vendors, the tools it requires them to use to eliminate security defects, and how this process ensures that the organization is purchasing only the cleanest, most secure software.