What's in Your Software?
Web Conference Overview:
New software enters our security ecosystems daily. When we evaluate the software, we look for vulnerabilities in the product. Of course we run functional tests, or break out our favorite scanner, to see if there is embedded malware or dangerous deployment requirements, or even bugs in the program. When done, it gets deployed. What happens after deployment is important, but also gets missed. Of course we will catch new vulnerabilities that are directly related to the product, but what about vulnerabilities in the third-party components included in the product? Recently this point was driven home by the numerous vulnerabilities in OpenSSL. Most people usually hear about it when it comes as an update from the vendor. What can you do about it? This panel will leverage the insight from seasoned industry leaders as we hear their thoughts.
Click here to listen to the live recording; the CPE quiz link is at the end of the recording.
Click here to view the PowerPoint presentation; the CPE quiz link is on the last slide.
A passing message is a "Certificate of Attendance" that can be printed and used as verification of your participation.
Please PRINT this page and use it to submit CPE (continuing professional education) credit in accordance with the guidelines of the certifying organization.
Hari M. Pendyala, ISSA Fellow and Member, Chennai, Asia Pacific Chapter
ISSA Web Conference Committee, Session Moderator
Hari M. Pendyala is an ISSA Fellow and has been a member of ISSA since 2004. He is currently working as Director and Chief Advisor for Zraddhaa Information Services Pvt. Ltd., which provides Information Security Services in the US, India, Singapore, Malaysia, Thailand, Philippines, Indonesia and South Korea.
He has 19+ years of experience in Information Technology with 14+ years of detailed work in the field of Information Security. He is a CISSP, CISM and ITIL v3 certified professional.
Hari is currently serving as President, Tirupati Information Technology Association and working towards ISSA Bangalore Chapter formation. Hari has served as board member for Silicon Valley ISSA, holding various roles from 2004 till 2009. He thoroughly enjoys teaching and mentoring K-8 kids about Robotics and other science topics. He is also an avid proponent of Green Energy, specifically Solar.
Hari has a Master’s in Computer Engineering from Florida Atlantic University, Florida and a Bachelor's in Electrical and Electronics Engineering from S.V. University, Tirupati, India.
Chief Security Officer, Sonatype
Before joining Sonatype, Ryan was a co-founder and chief scientist for Ounce Labs, which was acquired by IBM in 2009. Ryan holds multiple patents and is a popular speaker, instructor and author in the fields of security, risk management, and secure application development. Prior to Ounce Labs, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which was later sold to WatchGuard Technologies in 2000. In the late 1990s, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity's appliance-based managed security services.
Dan served as Chief Technology Officer, Technology Group, Financial Services Roundtable from January 2010-December 2013. Prior to this he was President of the Financial Services Technology Consortium (FSTC) division, Technology Group, Financial Services Roundtable from April 2005 to January 2010, where he brought broad perspective and depth to the Consortium in leadership, technological impact on business systems and intelligence, and advanced systems in risk management and electronic commerce.
Prior to 2005, Dan was Director and Senior Vice President at Citigroup, where he worked for over 23 years in areas ranging from e-banking, trading systems, risk management, advanced technology, payments and security. He authored the book, Application of Emerging Technologies in Business, to define ways in which business could capitalize on innovation and technological advances.
Dan was first Technical Director of Navy Command, Control and Communications, followed by his serving as Technical Director of US Naval Intelligence. While serving the US Navy, Dan authored several books, including Applied Artificial Intelligence; Parallel and Distributed Processing; and Military Communications, Command and Control.
Dan’s business and technology experience was gained at Sperry Rand/Univac where he served first as Director of New Business for Sperry and later as Director of Systems and Technical Sales Support for the New York Metropolitan Region.
He received his MSEE and Ph.D. in Electronic Engineering from Syracuse University. Upon completing his PhD, Dan went to work at Bell Laboratory, where he supervised the development of complex signal processing for defense projects. After graduation from City College of New York with his BSEE, Dan worked for IBM as a Project Engineer.
Dan has published in over 65 publications, authored 7 books, and served on numerous Boards and Standards organizations.