Software Special Interest Group (SSIG)
The purpose of the Software Special Interest Group is to provide software quality professionals and software professionals interested in quality with an opportunity for growth and exchange of ideas with other software professionals, and to facilitate growth in the number and expertise of the ASQ membership.
- Arrange meetings (currently monthly) at a convenient time and place.
- Provide a diversity of speaker topics within the general heading of software quality.
- Provide knowledgeable speakers from the professional and/or academic worlds.
- Keep in touch with and respond to the professional community's desires for the meetings.
- Reach out to students, who will soon enter the software profession.
- Disseminate information about: ASQ membership, the Software Division, certification, and training opportunities.
For more information about Section 509's Software Special Interest Group, contact Hung Ngo.
Software SIG Next Meeting
Understanding Cyber Adversaries with ATT&CK – The Post-Exploit Threat Model
Presented by Dr. Andy Applebaum, Senior Cyber Security Engineer, MITRE
Tuesday, October 25, 2016
5:30 – 6:30 PM – Networking & Open House
6:30 – 7:30 PM – Program
7:30 – 7:45 PM – Announcements
There is no cost to attend at McLean or Silver Spring
Recent breaches have shown an ugly truth: determined adversaries will get into your network. This talk will present the MITRE-developed Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), a framework for describing the actions an adversary may take while operating within an enterprise network after they compromise it. ATT&CK provides a common way to characterize and describe post-compromise adversary behavior and, unlike other models, was developed via red teaming and analyzing public cyber threat intelligence reports: the tactics and techniques in ATT&CK are real ones that adversaries have used in the wild. Using ATT&CK, security personnel can better understand and prepare for what adversaries are doing after they breach a network’s defenses, benefitting business owners and network managers in the process.
In this presentation, we will outline the key features of ATT&CK, describing the tactics, techniques, groups, and software that make up ATT&CK, and outlining lessons learned using the model, including data-based takeaways from ATT&CK and potential use cases. Topics covered will include using ATT&CK for red teaming, defensive gap analysis, threat reporting with ATT&CK, and information sharing.
Locations and Registration
The presenters will be at MITRE’s MITRE-2 location, with the presentation video/teleconferenced to the following locations:
MITRE-2 Building, Room 1N100
7515 Colshire Drive, McLean, VA 22102
Host: Hung Ngo, Phone: 571-765-3333
260 Industrial Way West
Eatontown, NJ 07724
Host: Aaron Dagen, Desk: 732-578-6301
Join online meeting: https://asq509.webex.com/asq509/j.php?MTID=mbe1b51c2d4c0cc7126819b7acedf6218
Join by Phone:
1-650-479-3208 Call-in toll number (US/Canada)
Access Code: 805 274 863
You must register by noon on Monday, October 24th. If you cannot attend at any location, select telephone dial-in when you register.
Non-US Citizens: the FDA site (Silver Spring) cannot host non-citizen visitors. For the MITRE site, if not a US citizen, please provide your title, country of citizenship, employer, and address when registering. Please register at least 2 business days before the meeting to allow for processing.
Past Software SIG Presentations
Software Defects and Software Reliability Assessment presented by Kristine Hejna 05/24/2016
Information System Contingency Plan (ISCP) A Success Story presented by Rob White 03/22/2016
Building Proficiency in Process Improvement Skills presented by Tim Kelley 02/23/2016
Evaluating Hazards in Critical Software Dependent Systems presented by Sushil Birla 12/15/2015
A Lean Approach to Requirements Validation presented by Cary Bryczek 11/24/2015
Mobile Security: the Risk We All Carry presented by Alex Gladd 10/27/2015
Risk Management presented by Mary Lewis 9/22/2015 -- accompanying document: US Department of Energy, Risk Management: A
Testing Software where Cause is De-coupled from Effect presented by George Hurlburt 8/25/2015
Software Service Level Agreement and Database HA solutions presented by Michael Chapiro 7/21/2015
and Old Dog new Tricks: Agile presented by Craeg Strong
Cyber-Security Policy and Ethics presented by Kelly Yamaguchi 5/26/2015
Be Careful What You Pay For presented by Rick Spiewak 4/28/2015
Website Performance Testing Strategies to use in Emergency Situations presented by Rudy Regner 3/24/2015
CISQ Quality Standard Overview and Integrating Security into SDLC presented by Shahid Shah 2/24/2015
“If It Passes Test, It Must Be OK” Common Misconceptions and The Immutable Laws of Software Development presented by Girish Seshagiri 1/27/2015
Quality Testing Challenges with Big Data presented by Michael Chapiro
Risk Management 103: Risk Metrics Part 2 - Metrics Applications presented by Mike Helton 10/28/2014
Management 103: Risk Metrics Part 1 - Measuring Risk and the Risk Process presented by Mike Helton
The Discipline of Software Engineering presented by Mark Doernhoefer of MITRE 08/26/2014
Applying Process Mining to IT Big Data presented by Richard Eng of MITRE 07/22/2014
A Rules Engine Experiment: Lessons Learned on When and How to use a Rules-Based Solution presented by Cris Hutto of MITRE 06/24/2014
Using Agile Principles to Deliver Real Business Value at Scale presented by: Mark Shima and Joseph Hilger 5/27/2014
Building a Software Assurance Road-map and Using It Effectively presented by Robert Martin of MITRE 04/22/2014
Open Source Software and Government presented by David Wheeler of the Institute for Defense Analysis 02/25/2014
Get the Requirements Right...the First Time... presented by Wayne Beekman of Information Concepts 01/28/2014
Success with Enterprise Architecture presented by Phil Homan 12/17/2013
Development of a Configuration Management Standard for a Government Agency presented by Ron Perrella and Russ Roseman 10/29/2013
Leadership and Career Development presented by Joe Ludford 9/24/2013
Model-based Architecture and Engineering presented by Victor Harrison 8/27/2013
Risk Management 102 presented by Mike Helton 7/23/2013
Open Stack presented by Pat Holben 6/25/2013
Requirements Metrics for Requirements Statements presented by Chao Y. Din 5/28/2013
High Maturity Practices and Lifetime Warranty Against Software Defects presented by Girish Seshagiri 4/23/2013
The Rise of Big Data and Data Science presented by Donald Miner 3/26/2013
Risk Management presented by Al Florence 2/26/2013
Near Future of Automated Software Testing presented by Elfriede Dustin 11/29/2012
Software Security Assurance: Enabling Security Automation and Software Supply Chain Risk Management Presented by Joe Jarzombek of DHS 8/30/2012 audio file
Requirements-Management Requirements -- Requisite Doors to Success Presented by Alfred Kromholz of MITRE 7/24/2012 (No slides or audio file available)
Systems Engineering Management Process (SEMP) Presented by Jim Todd of DRC 6/26/2012 (The link is to the audio recording. No slides were used.)
Software Assurance Metrics and Tool Evaluation (SAMATE) Overview Presented by Tim Boland of NIST 5/29/2012.
Exposing Security Risks for Commercial Mobile Devices (CMDs) Presented by Jeff Voas of NIST and Angelos Stavrou of GMU 3/27/2012. audio file
Understanding How the Bad Guys Attack Your Software: CAPEC Presented by Sean Barnum of MITRE 2/21/2012. audio file
Building Watson--An Overview of the DeepQA Project Presented by David A. Ferrucci of IBM 1/24/2012 (slides are not available).
Leveraging Semantic Web Technologies for Improved Decision Making Presented by Samuel Chance 11/29/2011. rescheduled from earlier audio file
Transforming Technical Leads into Effective Project Managers Presented by Rita Hadden 9/20/2011. audio file
Leveraging Semantic Web Technologies for Improved Decision Making Presented by Samuel Chance 8/23/2011. meeting canceled
Software Quality in 2011: A Survey of the State of the Art Presented by Capers Jones 7/26/2011.
Overview of the NIST Risk Management Framework as described in SP 800-37 Presented by Lance Kelson 5/24/2011. audio file 1