Speaker

Secure software development methodologies: Status-quo and open research problems

Abstract. Secure software development methodologies (SSDMs) prescribe how organizations should organize their software security process. "Security-by-design" is all the buzz today, yet SSDMs have been outlining how to develop software securely by "shifting left" for more than 20 years. The famous Microsoft SDL was finalized in 2004, and since then many organizations, governments and research teams have published their own versions of an SSDM. But, after these 20 years, can we confidently say that we are happy with the existing SSDMs?
In my talk, I will summarize the key findings from a study of 28 SSDMs from industry, government organizations and academia. I will discuss the key activities prescribed by the studied SSDMs, review how the SSDMs have evolved in the past 20 years, and highlight open research problems that are waiting to be solved.


Bio. Olga Gadyatskaya is an associate professor at Leiden Institute of Advanced Computer Science (LIACS), Leiden University (the Netherlands). Prior to joining LIACS, she was a postdoctoral researcher at the University of Luxembourg (Luxembourg) and the University of Trento (Italy). Olga holds a PhD in Mathematics from Novosibirsk State University (Russia). Her research focuses on organizational cyber security, and she is interested in the interplay of technology and human factors in security. Among her current research interests are secure software development programs at organizations, security risk management, and mobile security.
Organizers