Special Session on Security Verification
A Vulnerability or a Bug? What's the Difference Anyway? Security Software Verification as Part of the Development Lifecycle
Ofer Maor, CTO, Quotium, and Global Membership Committee, OWASP
Software security vulnerabilities are becoming a prominent cyber-attack vector and an increasing concern for organizations. While previously considered the responsibility of the security team, it is now evident that security vulnerabilities in the code are "just" another software quality issue, different from, yet similar to, other quality aspects such as functionality and performance. In this session we will discuss what software vulnerabilities are, how they differ from ordinary software bugs, and why they should nevertheless be treated as such. We will explain the challenges QA teams face when trying to address such issues, which require a different skill set and different coverage definitions, and what can be done to enhance this process and streamline it as part of the normal development lifecycle.
Ofer Maor has over sixteen years of experience in information security and is a pioneer in the application security field. He has been involved in leading research initiatives, has published numerous papers, appears regularly at leading conferences and is considered a leading authority by his peers. He also currently serves as the Chairman of OWASP Israel and as a member of the OWASP Global Membership Committee.
In his current role as Founder and CTO of Quotium (through the merger with Seeker Security), Mr. Maor leads Seeker®, the new generation of application security, allowing organizations to effectively protect their business and data from application threats. He was previously the Founder and CTO of Hacktics®, where he helped create a world-class professional security services group, later acquired by Ernst & Young to become a global excellence center.
Before founding Hacktics, Mr. Maor led Imperva's Application Defense Center, a research group focused on application security services and education, where he advanced research activities and was responsible for all the application security services conducted by the company. He was previously a Senior Security Consultant at eDvice, an application security consulting firm, and served for three years as an Information Security Officer in the Israeli Defense Forces.
As in previous years, the post-conference proceedings will be published in Springer's Lecture Notes in Computer Science series (LNCS).