Abstract
Governments would like the highest practical security assurance from the software they deploy. In the real world, this is a difficult goal to achieve. In particular, requiring high-reliability development practices such as the "Capability Maturity Model" is not practical, as it would significantly limit available functionality. In this talk, we will discuss best practices for achieving security assurance of software, including independent security risk assessments of technology. We will also cover the advantages of open source over proprietary software, and ways to ensure that you get the highest security assurance possible from that community.