Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 13 • 2:15pm - 3:15pm
Should there be an Underwriters Laboratories certification for software in IoT products?

Sign up or log in to save this to your schedule and see who's attending!

The US Cybersecurity National Action Plan released in February 2016 announced that the US government, specifically the Department of Homeland Security, is collaborating with the Underwriters Laboratories and industry partners to develop a Cybersecurity Assurance Program that would test and certify the security of devices that are part of the Internet of Things (IoT), such as infusion pumps and refrigerators. One of the goals is to ensure that software embedded in these devices is free of vulnerabilities that could be exploited. 

UL certification of software within products is a controversial topic. Proponents point to CyberUL certification as a means of assuring that IoT products meet acceptable standards such as owner-unique passwords, automated software and firmware updates, and IoT product software that is free of SQL injection and Cross Site Scripting flaws. Proponents also see the CyberUL as a proactive measure to provide security safeguards for the vastly expanding digital infrastructure. Opponents point out that it is a major investment in a solution that addresses less than 0.1% of real-world attacks; many would rather see the investment in CyberUL transferred to fixing the problems that account for most attacks, such as unpatched software, bad passwords and users succumbing to phishing. Opponents also say that the cost associated with getting CyberUL certification can create a barrier to the introduction of innovative products.

This panel will discuss the pros and cons of the Cyber Assurance Program’s pursuit of a CyberUL certification and the impact it may have on the application security community. It will appeal to conference attendees who are interested in how policy affects technology, builders of new technologies that are targets for CyberUL certification, and breakers who may see the CyberUL as either an opportunity or a challenge to overcome.

Speakers
avatar for Joshua Corman

Joshua Corman

CTO | Founder | Founder, Sonatype | I am The Cavalry | Rugged
Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing... Read More →
avatar for Anita D'Amico

Anita D'Amico

CEO, Code Dx, Inc.
Anita D’Amico, PhD is a survivor of one of the US government’s other programs for certifying security technology, the National Information Assurance Partnership (NIAP). She is CEO of Code Dx, Inc. which has commercialized innovative application security technology developed by Secure Decisions, an R&D organization which she also directs. She is an evangelist for making secure code development easier and more affordable. Her prior experience... Read More →
avatar for Kevin Greene

Kevin Greene

Department of Homeland Security, Science and Technology
Kevin Greene works in the federal government overseeing software assurance and application security research and development projects. He currently is focusing on the build-out of the Software Assurance Marketplace (SWAMP), a national marketplace and collaborative research forum designed to advance secure software development best-practices within the industry. Kevin has more than 17 years of cybersecurity and information assurance experience... Read More →


Thursday October 13, 2016 2:15pm - 3:15pm
Grand North Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001

Attendees (25)