Page 1
Lunch and Presentation: Security-by-Design
Beau Woods, Cyber Safety Innovation Fellow at Atlantic Council & Co-Founder, I Am The Cavalry
Page 2
Beau Woods, @beauwoods
Page 3 (image only)
Page 4
History of Auto Safety
[Chart: Deaths and Lives Saved per year, 1960 to 2010; vertical axis 0 to 45,000]
610,000 Lives Saved
30,000 per year lost
Source: NHTSA Publication, “Lives Saved by Vehicle Safety Technologies and Associated Federal Motor Vehicle Safety Standards, 1960 to 2012”
Pages 5 and 6 (image only)
Page 7
Holding a Mirai to Our Neglect
https://intel.malwaretech.com/pewpew.html
Page 8
Individual Human Lives
Page 9
Public Safety and Health
Page 10
Technology Supply Chain
Page 11
Public Health Readiness
Page 12
Global Shipping & Logistics
Page 13
Dependence
Page 14
Complexity
[Chart: Millions of Lines of Software Code, horizontal axis 10 to 100, for: Modern Car, Windows Vista, Hadron Collider, Boeing 787, Android, Google Chrome, Linux Kernel 2.6.0, Mars Curiosity, Hubble Telescope, F-22 Raptor, Space Shuttle]
Page 15
Vulnerability
Page 16
Exposure

| Range | Component |
| --- | --- |
| cm | Nearfield, Serial |
| meter | Wi-Fi, Bluetooth |
| km | 3G/4G/5G/LTE, Global Internet |
Page 17
Dependence
Complexity
Vulnerability
Exposure
Page 18 (image only)
Pages 19 to 28 (one chart, built up one element per slide)
[Chart axes: Willingness, Capabilities]
• Nation State: IR, RU, US, UK, FR, IL, NK, SK, CN, AU
• Ideological: Hacktivists, Terrorists
• Professional: Exploit Dev, Coders, Criminals, DDoS, Blackhat SEO, Operators, Social Bots, Hosting, Ransomware, Botnets
• 5kr1p7 K1dd13
• Accident
Increasingly Willing
Increasingly capable
Increasingly hard to distinguish Accident from Adversary
Typical Defensive Level
Known Good Defensive Practices
Deterrence
Pages 29 and 30 (image only)
Page 31
August 2, 2018: Apple became the world’s 1st $1 Trillion company
Page 32
August 17, 2018: Sixteen-year-old pled guilty to hacking Apple
Page 33
Forecasted Global Cybersecurity Spending, 2017-2021: $1 Trillion
Page 34
ONE HUNDRED PERCENT of companies will be hacked over the same time period (FORTUNE)
Pages 35 and 36 (image only)
Page 37
Defensible Infrastructure
• Secure by Design
• Secure Baseline Configurations
• Secure Deployment Guidance
• Operating System and Software Support Lifetimes
• Software Updateable
• Software Ingredients or Components List
• Evidence Capture and Logging
• …

Operational Excellence
• Coordinated Vulnerability Disclosure
• DevSecOps
• Visible Ops
• Vulnerability Management
• Change Management
• Egress Filtering
• Network Admission Control
• …

Situational Awareness
• Penetration Testing
• Threat Intelligence
• Security Monitoring
• Threat Hunting
• …

Countermeasures
• Endpoint Security
• Active Defense
• Intrusion Prevention
• Anti-Everything
• …
Page 38
[Chart: rows of $ signs showing relative spending across Defensible Infrastructure, Operational Excellence, Situational Awareness and Countermeasures]
Page 39
[Chart: the same four categories (Defensible Infrastructure, Operational Excellence, Situational Awareness, Countermeasures) with the $ rows from Page 38 in reverse order]
Page 40 (image only)
Page 41
Connections and Ongoing Collaborations
I Am The Cavalry Automotive 5-Star Cyber Safety Framework
All systems fail. What is your ready posture toward failure?
• Safety by Design – Anticipate and avoid failure
• 3rd Party Collaboration – Engage willing allies to avoid failure
• Evidence Capture – Observe and learn from failure
• Security Updates – Correct failure conditions once known
• Segmentation & Isolation – Prevent cascading failure
https://iamthecavalry.org/5star/
Collaborators: Automotive Engineers, Security Researchers, Policy Makers, Insurance Analysts, Accident Investigators, Standards Organizations, Government Agencies
Page 42
Great Fire, October 8-10, 1871
Page 43
Built In vs Bolt On
Page 44
Traceability & Transparency
Page 45
Collaboration with Security Researchers
Pages 46 and 47 (image only)
Page 48
Software Security Updatability
Hardware Replacement → Connected Updates → Remote Updates → Automatic Updates
Increasing Agility & Decreasing Cost
Page 49
Beau Woods, @beauwoods
Page 50 (image only)
Page 51
https://iamthecavalry.org/5star
https://iamthecavalry.org/oath
Page 52
Anything sold to the US Government must:
A. Provide a software component list (Software Bill of Materials, or “Food Label”)
B. Disclose known vulnerabilities
C. Be software updateable
Page 53
Anything sold to the US Government must:
A. Disclose known vulnerabilities
B. Be software updateable
C. Avoid hard-coded credentials
D. Have a coordinated disclosure policy
Page 54
Code of Practice for IoT Security
1. No default password
2. Coordinated Vulnerability Disclosure Policy
3. Keep devices updated
Page 55
Coordinated Vulnerability Disclosure
• US Department of Commerce, NTIA Template: https://www.ntia.doc.gov/files/ntia/publications/ntia_vuln_disclosure_early_stage_template.pdf
• ISO/IEC 29147 Standard for Vulnerability Disclosure: https://www.iso.org/standard/45170.html
• ISO/IEC 30111 Standard for Vulnerability Handling Processes: https://www.iso.org/standard/53231.html
Page 56
Procurement Guidance
https://www.mayoclinic.org/documents/medical-device-vendor-instructions/doc-20389647
Page 57
Software Component Transparency (Software Bill of Materials): https://www.ntia.doc.gov/SoftwareTransparency
Device Upgradeability and Patching: https://www.ntia.doc.gov/IoTSecurity
Coordinated Security Vulnerability Disclosure: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-cybersecurity-vulnerabilities
President’s Commission Report on Enhancing National Cybersecurity: https://www.nist.gov/cybercommission