Acquisition Oversight for Software Assurance
Software management is too frequently ignored or addressed piecemeal in systems. Cyber threat actors take advantage of the resulting gaps and errors, and they can do so at any point in the lifecycle. Exploiting these gaps and errors allows them to compromise the processes, practices, and procedures that touch a system’s design, component development, and supply chain, bypassing controls and leveraging available vulnerabilities. To combat these threat actors effectively, key software assurance activities must be embedded within the acquisition lifecycle.
What Will Attendees Learn?
- How software assurance can be addressed with limited cost and schedule impact if it is effectively integrated into the acquisition lifecycle
- Which knowledge and resources are critical to software assurance and the risks that can be missed if they are underrepresented
- Key aspects of managing acquisition and development that are critical to software assurance and why they are important
Speaker and Presenter Information
Dr. Carol Woody is a principal researcher for the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). She leads the development of the team-building capabilities and competencies for measuring, managing, and sustaining software assurance and cybersecurity for highly complex software-intensive systems and supply chains throughout the acquisition lifecycle. She has successfully implemented solutions in many domains, including banking, mining, manufacturing, government, and finance. Dr. Woody coauthored the book Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which was published by Pearson Education as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate is based on research she led.
Michael S. “Mike” Bandor is a Senior Software Engineer in the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). He is responsible for leading teams that enable organizations within the Department of War (DoW) and other customer organizations to enhance the predictability of their performance and their mission assurance in the acquisition, evolution, and operation of software-reliant systems. Mike joined the SEI in May 2005.
He has more than 36 years of experience with DoW systems, including business systems, command and control systems, satellite systems, ground systems, aircraft, and ground-based radar systems. During his career with the SEI, he has participated in multiple Independent Technical Assessments (ITAs) and performed Technology Readiness Assessments (TRAs) of various Air Force systems and was a Subject Matter Expert for a U.S. Government Accountability Office (GAO) TRA Guide.
Prior to joining the SEI, he was an enlisted computer programmer (Master Sergeant – E7) in the U.S. Air Force and is a graduate of the Air Force Institute of Technology’s Software Professional Development Program (SPDP). He retired from the USAF in May 2005 after serving almost 23 years of active-duty service. He holds a Bachelor of Science degree in Computer Science/Software Engineering from Weber State University, graduating Magna Cum Laude. He also holds CERT Cybersecurity Engineering and Software Assurance Professional certifications from the SEI.
Mike is also a member of the Institute of Electrical and Electronics Engineers, American Institute of Aeronautics and Astronautics, and the Air and Space Force Association.
Relevant Government Agencies
DOD & Military
Event Type
Webcast
This event has no exhibitor/sponsor opportunities
When
Wed, Mar 11, 2026, 1:30pm - 2:30pm ET
Cost
Complimentary: $0.00
Organizer
CMU - SEI







