Description: Matthew Coles, Software Security Engineer & Dan Reddy, Senior Consulting Product Manager, RSA, the Security Division of EMC
How can a customer understand the configuration of products as they are set up to run on major technology platforms? How can products (applications or appliances) leverage and provide machine-readable security configuration information? This session will begin with a brief introduction to the Security Content Automation Protocol (SCAP) set of standards and highlight key benefits for ISVs adopting SCAP. A case study will show how to transform elements of a prose security configuration guide into machine-readable content for the NIST Checklist Program, and will cover the lessons learned in completing this effort.
Matthew Coles is a Security Engineer in the EMC Product Security Office driving security practices enabling secure products, and is active in SAFECode and CWE/SANS Top 25 Most Dangerous Errors.
Dan Reddy is a Sr. Consulting Product Manager in the EMC Product Security Office. He focuses on integrity of EMC products within the software supply chain. Dan is active in SAFECode and the Open Group Trusted Technology Forum. Both are active in SCAP-related initiatives.
Tags: securitytube, hacking, hackers, information security, convention, computer security, SOURCE-boston-2012