Annual Computer Security Applications Conference (ACSAC) 2022


Panel: Balancing Trustworthiness with Rapid Development

Friday, 9 December 2022
08:30 - 10:00

Classroom 203

Abstract:
Systems requiring higher degrees of trustworthiness have traditionally been developed through time-consuming “high assurance” methodologies associated with “waterfall” systems engineering life cycle models. But modern challenges and the desire to field new capabilities rapidly have driven less use of waterfall models and more use of rapid agile engineering models such as those affiliated with DevOps.

Assurance is a justified confidence that a claim (e.g., the system is adequately secure) has been or will be achieved. Higher levels of assurance are driven by structured arguments informed by data-driven evidence (analysis, test data, and evidence of following proven engineering approaches or “leading practices”) and expert judgments of the evidence. Tests and analyses alone can achieve moderate amounts of assurance, while compliance may provide some minimal assurance. How much assurance can be achieved within rapid development environments? Is it adequate for any system developed within rapid agile development environments? And, if not, how are trustworthiness and rapid development objectives traded?

This panel will discuss how much trustworthiness may be achieved in rapid agile development, including whether high assurance can be achieved within rapid agile development.

Moderator: Mark W Winstead, Mitre

Panelists:
Albert Tao, Extreme Networks
Brian Viola, USAF Platform One
Justin Fisher, Leidos

 


