System Assurance PTF Agenda

OMG Technical Meeting
Orlando, FL

2023-06-18 to 2023-06-23
Timezone: EDT (UTC-0400)

Tue 2023-06-20
13:00-15:00 Joint Meeting with C4I on DevSecOps Standards Efforts
Wed 2023-06-21
08:45-09:00 Call-in Information
09:00-09:15 Gathering and agenda review
Leading: Co-chair
09:15-10:00 Acquisition Security Framework (ASF): Informing Software Bill of Materials (SBOM) Use Cases and Risk Reduction
Speaker: Dr. Carol S. Woody


The Software Bill of Materials (SBOM) has been gaining attention recently. By itself, an SBOM has limited value, but it has great potential if properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction. It provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the foundation for identifying SBOM practices, including building an SBOM and using it to manage risks to software-intensive systems. Those foundational practices were augmented with key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this presentation, we will show how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.

10:00-10:30 Break
10:30-11:00 ISO 5055 Automated Source Code Quality Measures
Speaker: Dr. Bill Curtis
11:00-11:30 Manual Cybersecurity Practices Considered Harmful
Speaker: Dr. Nick Mansourov
11:30-12:00 TBD
12:00-13:00 Lunch