QW2002 Paper 8I1

Robert A. Martin
(The MITRE Corporation)

Vulnerabilities and Developing for the Net

Key Points

Presentation Abstract

This presentation will discuss the CVE Initiative, an international, community-based effort from industry, government, and academia that is creating an organizing mechanism to make the finding and fixing of software product vulnerabilities more rapid, predictable, and efficient. The opportunities that this initiative is creating for software developers, security practitioners, and systems owners will be explored. These opportunities arise in their own systems, products, and services, as well as for their customers. Attendees will be shown the details of several of the most common types of vulnerabilities and their causes, with examples from recent real-world products that have the vulnerabilities. Additionally, attendees will leave with an understanding of how the CVE Initiative is helping enterprise security management of vulnerabilities and exploits become more predictable, structured, and effective as a result of CVE-enabled information security products, services, and methodologies.

About the Author

Robert A. Martin is the primary point of contact for CVE Compatibility efforts, a co-lead for MITRE's Cyber Resource Center website, and a Principal Engineer in MITRE's Information Technologies Directorate. At the culmination of his five years of Y2K leadership and coordination efforts, Mr. Martin served as the Operations Manager of the Cyber Assurance National Information Center, a 24x7 cyber security watch center within the President's Y2K Information Coordination Center. Prior to these efforts, Martin developed a standardized software quality assessment process that was used to help over 100 of MITRE's Air Force, Army, and FAA customers improve their software acquisition methods as well as the quality, cost, and timeliness of their delivered software products. Today, Martin's efforts are focused on the interplay of cyber security, critical infrastructure protection, and e-Business technologies and services. Martin received a bachelor's degree and a master's degree in electrical engineering from Rensselaer Polytechnic Institute and a master's degree in business from Babson College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer Society.