Visibility & Control: Addressing Supply Chain Challenges to Trustworthy Software-Enabled Things

Abstract

Software is playing a pivotal role in most enterprises, whether they realize it or not, and with the proliferation of Industrial Internet of Things (IoT) and other cyber/physical systems across our society and critical infrastructure and our collective love affair with automation, optimization, and “smart” devices, the role of these types of systems is only going to increase. This talk addresses the myriad of issues that underlie unsafe, insecure, and unreliable software and provides the insights of the Industrial Internet Consortium and other government and industry efforts on how to conquer them and pave the way to a market¬place of trustworthy software-enabled connected things.

As the experience of several sectors has shown, the dependence on connected software needs to be met with a strong understanding of the risks to the overall trustworthiness of our software-based capabilities that we, our enterprises, and our world utilize. In many of these new connected systems issues of safety, reliability, and resilience rival or dominate concerns for security and privacy, the long-time focus of many in the IT world. Without a scalable and efficient method for managing these risks so our enterprises can continue to benefit from these advancements that powers our military, commercial industries, cities, and homes to new levels of efficiency, versatility, and cost effectiveness we face the potential for harm, death, and destructiveness.

In such a marketplace, creating, exchanging, and integrating components that are trustworthy as well as entering into value-chain relationships with trustworthy partners and service suppliers will be common if we can provide a method for explicitly defining what is meant by the word trustworthy. The approach being pursued by these groups for applying Software Assurance to these systems and their Supply Chains by leveraging Structured Assurance Cases, Software Bill of Materials (the focus of this paper), and secure development practices applied to the evolving Agile and DevSecOps methodologies, is to explicitly identify the detailed requirements “about what we need to know about something for it to be worthy of our trust” and to do that in a way that we can convey that basis of trust to others that: can scale; is consistent within different workflows; is flexible to differing sets of hazards and environments; and is applicable to all sectors, domains, and industries.

Full text


?
88:7'3)+,47>(+7.>8/)'1 >89+28**7+88/3-
:551>.'/3.'11+3-+894!7:89<479.> 4,9<'7+
3'(1+*!./3-8

4(+791'3'79/3
!7:8988:7'3)+>(+7!+).3414-/+8+5'792+39
!.+!47547'9/43
+*,47*" 
7'2'79/32/97+47-

-!&)$ % "+   "(!& $!   !%&  &$
"$%%)&$&+$,&!$ !& )&&"$!$&! !
 '%&$ &$ & ! % !  !&$+$+% %+%
&%$!%%!'$%!&+ $& $%&$'&'$ !'$!
&( !( $ )& '&!&!  !"&,&!    .%$&/ 
(%& $! !&% &+"%!%+%&% %! +!  &! $%
%&$%%%&+$!%%'%&&' $' % %
'$ ' $ %!&)$ "$!(% & %&%!& 
'%&$ &$ &! %!$&' !&$!($  &  '%&$+
 !$&%! !)&!! #'$& " (&)+&!$&"
!&$'%&)!$&+%!&)$ ! && %
%&*"$ !%($%&!$%%%!) &"  
! ! &%!&)$ %&!&)&%&$! ' $%& 
  ! & $%% &! & !($ &$'%&)!$& %% ! !'$ %!&)$
%"&%&& )!'$ &$"$%%  !'$)!$ '&,
  +!& %   ) ! &%+%&% % %' % !%&+$&+
 $% $(!$! &! $ %!$%'$&+ "$(+
&! &!'% !  +  & )!$&!'&  %
  & &!!$  &%$%% %!!'$  &$"$%%
 ! & '&! &$!&%(  &%&&"!)$%!'$
&$+!$ '%&$%&% !%&! )(%!
 +($%&&+  !%&&( %%) &"!& &
!$$& %&$'&( %%
 %' $&"$& *     &$& 
!"!  &% && $ &$'%&)!$&+ % ) %  &$   &! ('
 $&! %"%)&&$'%&)!$&+"$& $% %$(%'""
$%) !! ) "$!(&!!$*"&+
  )&% &+&)!$&$'%&)!$&+""$! 
"'$%'+&%$!'"%!$""+ !&)$%%'$ &!&%
%+%&% &$'""+ %+($ &$'&'$%%'$
  %% & !'% ! &% ""$ !&)$  ! &$%
  %'$ (!" & "$&% "" &! & (!(  
 ("%&!!!%%&!*"&+ &+&&
$#'$ &%.!'& )&) &! !)!'&%!& !$
&&! )!$&+ !!'$ &$'%&/  &!! &&  )+ &&)  
! (+ &&%%!&$'%&&!!&$%&&  % % ! %%& &
)& $ &)!$!)%%*&!$ %&%!,$%
  ($!  &%   %""&! %&!$%! %  
 '%&$%
    

"
7+'9/3- +=).'3-/3- '3* /39+-7'9/3- )42543+398 9.'9 '7+
97:89<479.> '8 <+11 '8 +39+7/3- /394 ;'1:+).'/3 7+1'9/438./58
</9.5'793+78'3*8+7;/)+8:551/+78</11(+)42+)42243/,<+
)'3574;/*+'2+9.4*,47+=51/)/91>)43;+>/3-)43,/*+3)+/39.+
97:89<479./3+884,9.48+)42543+398<.+39.+>)42+,7429./7*
5'79/+8'3*'9'72@81+3-9.:+89/438'(4:997:89<479./3+889.'9
3++*94(+'**7+88+*'7+<.'9*4+8/92+'3949.48+/3;41;+*
.4<)'39.+>2+'8:7+'3*85+)/,>9.+*/,,+7+39'85+)98'3*7+
6:/7+2+3984,9.+97:89<479./3+88%&'3*.4<)'39.+,:1
,/112+394,9.48+7+6:/7+2+398(+)'59:7+*'3*)43;+>+*9449.
+78 '3* 9.+3 )42(/3+* /394 8>89+28 )42543+398 '3* ;'1:+
).'/38
 !$!
$/9.9.+ '*;+394,9.+/39+73+94, 9./3-8'3*9.+)439/3:+*
574-7+88/43 4, 2/)74 9+).3414-> '3* 84,9<'7++3'(1+* )43
3+)9+*2/)74+1+)9743/)8'**7+88/3-9.+8+):7/9>'88:7'3)+4,9.+
/3*/;/*:'1)42543+3984,'8>89+2/8(+)42/3-247+'3*247+
57+;'1+39
3,47+='251+9.+7+<'83484,9<'7+/3'.+;>#+-'
(+)':8+9.+7+<+7+342/)74+1+)9743/)84<+;+74;+79.+8:(
8+6:+39>+'782'3>4,9.+)7/9/)'1,:3)9/4384,9.+)'724;+*
,742 5.>8/)'1 )433+)9/438 94 84,9<'7+ '3* 3+9<470+* 43+8
')0/3 9.+ )433+)9/43,7429.+ '))+1+7'947 5+*'1949.+
)'7(:7+947<'8'5.>8/)'174*47)'(1+!4*'>9.+7+/8'8+3847
/39.+5+*'19.'9/89.+3)433+)9+*9.74:-.')422:3/)'9/43(:8
94'3+1+)97/)9.74991+;'1;+)4397411+79.'9/39+757+98'3*)43;+>8
9.+')9/438,742 9.+5+*'1949.+ 9.74991+ !.+7+/834 143-+7 '
5.>8/)'1)433+)9/43/9/8'11+3'(1+*(>84,9<'7+'3*3+9<470+*
)422:3/)'9/43(:8+8!.'98'2+97+3*4,24;/3-,7425.>8/)'1
9484,9<'7++3'(1+* )433+)9/438<'85'7'11+1+*(>').'3-+/3
9.+ <'> ;+./)1+8 </7+* 9.+/7 *+;/)+8 ')0 /3 9.+ 
9/2+,7'2+9.+7+<+7+')9:'15.>8/)'1</7+8-4/3-(+9<++3+').
/9+2<.+3'3>9<43++*+*94)422:3/)'9+)43974143+'349.+7
47574;/*+54<+7
!.+8'2+2/-7'9/434,5.>8/)'1)433+)9/43'3*)43974194'
(:8897:)9:7+ .'89'0+351')+ ,47'114, 9.+)7/9/)'1,:3)9/438/3



<+./)2+9 4 '**/:/54 :5 .'</4- '22 :.+9+ )8/:/)'2 ,;4):/549 *+
6+4*+4: 54 95,:='8+ '4* 4+:=581/4- :.+ 95,:='8+ :.': *8/<+9
:.+9+'(/2/:/+9 4++*9:5(+ ;6*':+*'4*9;9:'/4+*5<+8:.+ 254-
:+83(5:.:5,/>,2'=9'4*:5'**,;4):/54'2/:?
9=+)544+)::./4-9+/:.+8*/8+):2?58:.85;-.=581,25=9
:.+7;+9:/545, =.+:.+8 58 45:'96+)/,/)9?9:+3 /9 9+);8+ '4*
9',+4++*9:5,5);954:.+/4:+8'):/54=/:.:.':9?9:+3/*:.+
5=4+895,:.59+5:.+89?9:+3'**8+99/99;+9'(5;:6':)./4-'4*
<;24+8'(/2/:/+9)54,/-;8/4-95,:='8+)588+):2?(;/2*/4-:.+95,:
='8+9+);8+2?'4*8+9/2/+4:2?=./2+'**8+99/4-=+'14+99+9:.':
)5;2*2+'*:5;49',+58/49+);8+56+8':/545,:.+/89?9:+39
!.+:8+4*9'4*3'81+:,58)+9:.':35:/<':+*'4*+4'(2+*:.+
).'4-+9 /4 :.+ ';:535:/<+ /4*;9:8? '8+ +7;'22? '662/)'(2+ :5
5:.+8/4*;9:8/+99;). '9 )533+8)/'2 :8'49658:':/54 /4-+4+8'2
.+'2:.)'8+9?9:+39)8/:/)'2/4,8'9:8;):;8+'</54/)99./66/4-8+
:'/29?9:+39'4*(;/2*/4-9+);8/:?'4*';:53':/54
!" !#!$A!" ! "
#/:.:.+6+8<'9/<+68+9+4)+5,95,:='8++4'(2+*)'6'(/2/:/+9
'::')1+89)'445=,5);954)?(+86.?9/)'2'99+:9</':.+/8)?(+8
+2+3+4:9'9/22;9:8':+*/4/-;8+ ',+:? 45= /4<52<+9 8/919
'995)/':+*=/:.)544+):/</:?('9+*54:.+/445<':/545));88/4-
'85;4*5!!.+:8'*/:/54'29',+:?+2+3+4:9+>6'4*(+?54*,/8+
+2+):8/)9.5)1586.?9/)'2.'83:5:.++>,/2:8':/545,*':'685
)+99/362/)':/549 :.':)'4',,+): 9?9:+398+2/'(/2/:?'4* 8+9/2/
+4)+ '4* :.+ 5<+8'22 /36'): 5, 4+=+8 :+).4525-? :5 :.+ /4
:+4*+*;9+5,685*;):9'4*9?9:+39
93'4?.'<+65/4:+*5;:5<+8:.+6'9:,+=?+'89%&
=+3;9:+<52<+,8530;9: '4 ! 8/91 =582* </+= =.+8+=+8+
=588/+*'(5;::.+25995,/4,583':/545825995,'9+8</)+:5'4
56+8':/54'28/91</+==.+8+=+)549/*+825995,9',+:?:.++>
6'4*+*)54)+6:5,9',+:?'4*8+2/'(/2/:?5825995,2/,+'4*6856
+8:?#/:./4:.+=581%&'99.5=4/4/-;8+=+.'<+6;:
:./9 :5-+:.+8 ;4*+8 :.+ 8;(8/) 5, :8;9:=58:./4+99 =.+8+ :.+
9',+:?68/<')?8+9/2/+4)+8+2/'(/2/:?'4*9+);8/:?(+.'</5895,'
9?9:+3 =./2+ 45: '2='?9 :.+ 9'3+ /4 685658:/54 '8+ '22 /4
:+8'):/4-
+8/</4- ' 3+:.5*525-? ,58 :8;9:=58:./4+99 ')8599 '
3'81+:62')+=+(+2/+<+8+7;/8+9(;/2*/4-'99;8'4)+)'9+94+
5,:.+1+?/*+'9=/:.'99;8'4)+)'9+9/9:5*+<+256'4*-':.+8'22
:.++</*+4)+:.':/9-5/4-:5(+;9+*:5)54</4)+:.+9:'1+.52*+89
:.'::.+ 9?9:+36856+8:/+9 :.+9?9:+3)2'/39'4*8+7;/8+3+4:9
'8+(+/4-,;2,/22+*=/:.8/919:.':'8+'))+6:'(2+58145=4
/-/919'4*36'):9>6'4*=/:..?9/)'2 ?9:+39
/-/919'4*36'):9>6'4*=/:..?9/)'2 ?9:+39
!.+8+ '8+ :=5 3'/4 68+8+7;/9/:+9 /4 *+<+256/4- '99;8'4)+
)'9+9
'4 +>62/)/: 9:':+3+4:9 5, :.+ '99;36:/549 '4*
68+8+7;/9/:+9,58:.+'99;8'4)+
(2'/35,9?9:+3:8;9:=58:./4+99'4*/:99;()2'/39
/-;8+  (+25= 9.5=9 ' 358+ 8+'2/9:/) '99;8'4)+ )'9+
/22;9:8':/54 =./). /9 '4 '99;8'4)+ )'9+ 5, '99;8'4)+ )'9+9 4
:./9/22;9:8':/54:.+8+'8+*/,,+8+4:'99;8'4)+)'9+99.5=4
').5,:.+3)'4(+)549:8;):+*/4*+6+4*+4:2? ,?5;8'9
9;36:/549'8+)5362+:+'4*?5;)'4'8-;+:.'::.+'99;36:/549
5,+').)'9+'8+(+/4-,;2,/22+*(?:.++4)536'99/4-9?9:+3'4*
/:9'99;8'4)+)'9+:.+4?5;)'4)53659+:.+9',+:?8+2/'(/2/:?
9+);8/:? '4* ,;4):/54'2 8+7;/8+3+4:9 5, ?5;8 9;(9?9:+39 '4*
:.+/8'99;8'4)+
$5;)'4,/4*9:'4*'8*9*+,/4/4-:.+685)+99'4*'):/</:/+95,
)8+':/4-'4 '99;8'4)+)'9+%& +>).'4-/4-'99;8'4)+ )'9+9%&
'4*;9/4-'99;8'4)+)'9+9:5.52*:.+);88+4:)53659/:+9:':+5,
:.+9?9:+391+?(+.'</589%&#/:./4:.+4*;9:8/'24:+84+:
+,+8+4)+ 8)./:+):;8+ %& '4* 4*;9:8/'2 4:+84+: +);8/:?
8'3+=581 %& =+ */9);99 ;:/2/@/4- '99;8'4)+ )'9+9 '9 .'9
 %&:.+%& !%&'4*6850+):9-5/4-
54/4:.+"%&
!.+1+? /*+' /9 :.': '99;8'4)+ )'9+9 )'4 -':.+8 '22 :.+ 8+
7;/8+*/4,583':/54/4)2;*/4-+</*+4)+5,3++:/4-9?9:+3:8;9:
=58:./4+99)2'/39'(5;::.+9?9:+39).'8'):+8/9:/)9'4*58-'4
/@+/:,58 '99+993+4: ')8599:.+2/,+)?)2+ 5, :.+/:+3'4*45=
:.'::.+8+ /9'9:'4*'8*,58+>).'4-/4- '99;8'4)+)'9+9%&=+
'9' 3'81+:62')+)'4)53659+ '99;8'4)+)'9+92+<+8'-/4-5:.
+89B=581
/-53659/:/545,99;8'4)+'9+9



0.
#! #  
 ! 
56;/,9 2,@ (:7,*; ()6<; ;/, :6-;>(9, (5+ :6-;>(9,
,5()3,+*64765,5;:6-(:@:;,40:;/,5,,+-69(-6*<:65;/,
:6-;>(9,B: 05;,5+,+ <:, 05 :<7769;05. 0;: 6)1,*;0=, (5+ ;/,
5,,+;6(*;0=,3@;9@;6+,;,9405,>/,;/,9;/,:6-;>(9,*(5),
05-3<,5*,+)@/(A(9+:(5+(;;(*2:(5+ ;/9,(;: 05 ( >(@ ;/(;
047(*;: ;/(; 7<976:, >/0*/ ;/, :6-;>(9, 0: :<7769;05. 69
+,30=,905. !/,9, (9, 256>5 (;;(*2 7(;;,95: (5+ /(A(9+
:;9<*;<9,:;/(;*(5),,?,*<;,+)@(;;(*2,9:69/(77,505;/,
7/@:0*(3>693+(5+(9,(7730*()3,;6;/,:6-;>(9,0;0.(;065
:;9(;,.0,:-69;/6:,(;;(*27(;;,95:*(5),*6+,9,=0,>:+,:0.5
9,=0,>: +@5(40* ;,:;05. -<AA05. *644<50*(;065: (5+
05;,9-(*,: (;;(*2 :<9-(*, (5(3@:0: 69 7,5 ;,:;05. !/0: *(5
796=0+,*65-0+,5*,;/(;,0;/,9;/,=<35,9()030;0,:(9,56;;/,9,
69;/(;;/,09047(*;;6;/,67,9(;065:/(:),,540;0.(;,+!/0:
796*,::0:033<:;9(;,+050.<9,()6=,
5,6- ;/,>(@:;/(; 05+<:;9@<:,:;6(9;0*<3(;,76;,5;0(3
:6-;>(9, =<35,9()030;0,: :6 ;/(; ;/,@ *(5 <5+,9:;(5+ >/,5
6;/,9:(9,;(3205.()6<;;/,:(4,;/05.0:;/96<./;/,<:,6-
;/,64465#<35,9()030;0,:(5+ ?76:<9,:# 050;0(;0=,
&'>/0*/:;(9;,+05 (5+ 0: 56> <:,+ ;/96<./6<; ;/,
05+<:;9@ 6- :6-;>(9,)(:,+ :@:;,4: !/,9, 0: (3:6 ;/,
64465#<35,9()030;@ *6905. @:;,4#  &'>/0*/
0: ( 90:2 :*6905. 4,*/(50:4 -69 790690;0A05. ;/6:,
=<35,9()030;0,: 56;/,9 4,*/(50:4 <:,+ 05 ;/, :6-;>(9,
*644<50;@ ;6 +0:*<:: ;/, ;@7,: 6- =<35,9()030;0,: 0: ;/,
64465$,(25,::5<4,9(;065$&'>/0*/0: ;/,
(*;<(3 >,(25,::,: ;/(; 4(50-,:; (: =<35,9()030;0,: !/,9, 0:
(3:6 ( :*6905. :@:;,4 -69 790690;0A05. (5+ -6*<:05. 65 ;/,
>,(25,::,: ;/(; 4(;;,9 *(33,+ ;/, 64465 $,(25,::
*6905. @:;,4$ &'(5+(:;(5+(9+>(@6-9,-,9905.
;6;/,(;;(*2 7(;;,95: 64465 ;;(*2(;;,955<4,9(;065
(5+ 3(::0-0*(;065  &' !/,@ (9, (33 +,:*90),+ 05
05;,95(;065(3 :;(5+(9+: 7(9; 6- ;/, 5;,95(;065(3
!,3,*644<50*(;065 "5065B: !,*/50*(3 ;(5+(9+ ,90,:
%&'
#" !! !  !
! 
=(3<(;05. (5+ (::,::05. :6-;>(9, 0: (33,5*647(::05.
,(:65()3,9,(3>693+ :63<;065:9,8<09, <:05.4<3;073,;,*/
508<,:;/(;(9,:<0;,+-69:7,*0-0*:*,5(906:(5+.,;;05.>0+,
*6=,9(., 05:;,(+ 6- ( 65,:0A,-0;:(33 46+,3 !/, +0(.9(4
:/6>5 05 0.<9,  :/6>: ( 3(9., 5<4),9 6- ;,:; *(:,: 6-
>,(25,::,:-69(5+(=(&'>/,9,:,=,9(3;663:>,9,9<5
65;/,;,:;*(:,:;6:,,>/0*/6-;/,;663:*6<3+-05+;/,>,(2
5,::,:
:@6<*(5 :,,05-0.<9,  ),36>;/,9,0: (36;6->/0;,
:7(*, :/6>5 05 ;/,:, ;>6 736;: 6- ;663 *6=,9(., 6- ;/, ;,:;
*(:,:-69(5+(=(>/0*/4,(5:;/(;;/,;663:+0+56;-05+
;/,;/05.:;/(;>,9,05;/6:,;,:;*(:,:+,5;0-@05.;/,90./;
;,:;05.*(7()030;@-69;/, 796)3,40: 0+,(3!/,>692;/(;;/,
5:;0;<;,-69,-,5:,5(3@:0:+0+-69;/,,7(9;4,5;6-,
-,5:,05 ;/,09 ;(;,-;/,9;,769;&'3662,+(;;,:;05.
4,;/6+:),@65+1<:;;663:(5+;/,-05+05.>(:;/,:(4,(36;
6->/0;,:7(*,
0.6=,9(.,6- 6-;>(9,$,(25,::::,::4,5;!663:

















 !(
#%$
*#$
*#%%
%'%! 
%%# $
$
 $$$
$ !& %#
$&#$
 %! $
 
"%$%!
$$! 
"%$
$$! &$ $$
"%$
“Counter Measures - Actions” include:
choices about architecture, design, physical decomposition, and operational approaches;
adding/changing security/safety functions, protection schemes, activities & processes;
use of static & dynamic code assessments, dynamic testing, physical testing, and pen testing;
attack surface & fault-tree anal
y
sis, architecture and desi
g
n reviews
)$%
)$%&#%)
  # 
#$










53!-@/45:3;B1>-31@;*1-7:1??1?;2:@1>1?@

? ?4;C: 5: 53A>1  @41 -<<>;<>5-@1 @;;8 ;> 01@1/@5;:
@1/4:5=A15?9-@/410C5@4@41->@52-/@?;@4-@@41C1-7:1??1?
E;A /->1 -.;A@ ->1 -00>1??1001@1/@10 01:@52E5:3 9A8@5<81
@1/4:5=A1?5:?@1-0;2;:12;>-9A8@5@A01;2C1-7:1??1? C588
<>;B5013>1-@1>/;B1>-31
)#%*% ##"'#('&
: -: 1B1>5:/>1-?5:3 /;::1/@10 C;>80 C5@4 1D<;:1:@5-8
?;2@C->1/;9<;:1:@?1:?A>5:3@4-@?E?@19?01?53:10@;0-E
/-:<>;B501@>A?@C;>@45:1??5:?1/A>5@E?-21@E<>5B-/E>1?58
51:/1-:0>185-.585@E 5? :1/1??->E(:01>?@-:05:34;C @; 01
25:1C4-@@>A?@C;>@45:1?? 5?.E2;/A?5:3 ;:-0125:5@5;: ;2-
?E?@19L?@>A?@C;>@45:1?? -:0-??A9<@5;:?9-01 /-:.1A?10
@;01B18;< -??A>-:/1/-?1?'41?1 -??A>-:/1/-?1?-88;C @41
-.585@E@;?<1/52E-:0@41:91-?A>1@41@>A?@C;>@45:1??(?5:3
5:@1>:-@5;:-88E>1/;3:5F10@1/4:5=A1?@;.A580;:-??1??91:@
/-<-.585@51? 2;> @>A?@C;>@45:1?? ?A/4 -? ) * -:0
$<>;B501->;.A?@38;.-8?@-:0->0@4-@C;A80-88;C-:
1-?E 91@4;0 @; /;99A:5/-@1 @41 @>A?@C;>@45:1?? 91-?A>1
%1/;3:5F5:3-8?; @4-@501:@52E5:3@41@>A?@C;>@45:1??/>5@1>5-
@4-@5? -<<85/-.81@;@41 ?E?@195:@41 1:B5>;:91:@@4-@5@ 5?
;<1>-@5:3<>;B501? /8->5@E2;>@41-??1??91:@ '45?/-:@41:
81-0@;81B1>-35:3;2?@-:0->05F10&@>A/@A>10??A>-:/1-?1?
@;1:-.81-9->71@<8-/1;2@>A?@C;>@4E/E.1><4E?5/-8?E?@19?
/;9<;:1:@?-:0>18-@10/-<-.585@51?
%%"&
+,:0A?@>5-8:@1>:1@;:?;>@5A9:0A?@>5-8:@1>:1@;2'45:3? );8A91
 &1/A>5@E >-91C;>7K $()$ 
4@@<?CCC55/;:?;>@5A9;>3&4@9
+,:0A?@>5-8:@1>:1@;:?;>@5A9 :0A?@>5-8:@1>:1@;2'45:3? );8A91
 );/-.A8->EK $()$ 
4@@<?CCC55/;:?;>@5A9;>3B;/-.
+,"&':@1>-31:/E%1<;>@';C->0-$>18595:->E>-91C;>7 2;>
??1??5:3 @41 '>A?@C;>@45:1?? ;2 &;2@C->1
4@@<?CCC:5?@3;B<A.85/-@5;:?@;C->0<>18595:->E2>-91C;>7
-??1??5:3@>A?@C;>@45:1???;2@C->1
+,&"&:?@5@A@1J&1/A>5@E5:-;:B1>35:3'#'*;>80K";B19.1>
 4@@<?CCC?-:?;>3>1-05:3
>;;9C45@1<-<1>?-:-8E?@?1/A>5@E/;:B1>35:35@;@C;>80
+,->@:1> J' -:0 #<1>-@5;:-8 '1/4:;8;3E ;:B1>31:/1 853:91:@
-:0:@13>-@5;:K!->/44@@<CCC3->@:1>/;9>1?0
+,&#  ??A>-:/1 -?1 
4@@<?CCC5?;;>3;.<A55?;?@05?;51/10B1:
+,#!L? &@>A/@A>10 ??A>-:/1 -?1 !1@-9;018  &! 
!->/44@@<?CCC;93;>3?<1/&!
+,:0A?@>5-8:@1>:1@;:?;>@5A9:0A?@>5-8:@1>:1@;2'45:3? );8A91
 %121>1:/1 >/45@1/@A>1K $()$
4@@<?CCC55/;:?;>@5A9;>3%4@9
+,"-@5;:-8 1>;:-A@5/? -:0 &<-/1 095:5?@>-@5;: "& J"&
&E?@19&-21@E -:0.;;7 );8A91 &E?@19&-21@E>-91C;>7 -:0
;:/1<@? 2;> 9<8191:@-@5;:K "&&$ )1>?5;: 
";B19.1> 4@@<?:@>?:-?-3;B->/45B1:-?-/-?5:@>?:-?-3;B
<02
+,"-@5;:-8 1>;:-A@5/? -:0 &<-/1 095:5?@>-@5;: "&
J(:01>?@-:05:3 *4-@ @ !1-:? 2;> ??A>-:/1 -?1? @; J*;>7KK
"&%I
4@@<?:@>?:-?-3;B->/45B1:-?-/-?5:@>?:-?-3;B<02
+,"-@5;:-8 1>;:-A@5/? -:0 &<-/1 095:5?@>-@5;: "& JE:-95/
&-21@E -?1? 2;> '4>;A348521 &-21@E ??A>-:/1 I "&K
4@@<?@5->/:-?-3;B<A.85/-@5;:?0;C:8;-0
+,;;0-:0>A3 095:5?@>-@5;:J:2A?5;:$A9<9<>;B191:@
:5@5-@5B1K
4@@<?CCC20-3;B9105/-801B5/1?<>;0A/@?-:09105/-8<>;/10A>1?
31:1>-84;?<5@-801B5/1?-:0?A<<851?5:2A?5;:<A9<?A/94@9
+,"-@5;:-8 :?@5@A@1 ;2 &@-:0->0? -:0 '1/4:;8;3E "&' J"&' &$
);8 &E?@19? &1/A>5@E :35:11>5:3;:?501>-@5;:? 2;> -
!A8@505?/5<85:->E<<>;-/45:@41:35:11>5:3;2'>A?@C;>@4E&1/A>1
&E?@19?K  !->/4  4@@<?:B8<A.?:5?@3;B:5?@<A.?
&<1/5-8$A.85/-@5;:?"&'&$B<02
+,'  >5@5/-8 :2>-?@>A/@A>1 $>;@1/@5;: (?5:3 0-<@5B1 ! &
4@@<CCC/5@-018<>;61/@;>3
+,!'% ;><;>-@5;: J;99;: )A8:1>-.585@51? -:0 D<;?A>1?
)GK4@@<?/B195@>1;>3
+,%&' J;99;: )A8:1>-.585@E &/;>5:3 &E?@19 )&&K
4@@<?CCC25>?@;>3/B??
+,!'% ;><;>-@5;: J;99;: *1-7:1?? :A91>-@5;: *HK
4@@<?/C195@>1;>3
"#
!##
"""
Code Review
Static Analysis Tool A
Dynamic Analysis Tool C
%!
Static Analysis Tool B
Fuzz Testing
Pen Testing
Blue Teaming
Red Teaming
Design Review
Attack Surface Analysis
#"
# $"&#

"!"!
$#(
!##$!
"
!""

!'
$!'
%!#'"#
"""#&!

 $!#"
!##" ##
#"



#$ 25325%7-21 ?20021 !)%.1)66 '25-1+ <67)0
!>@,7736':)0-75)25+':66
#$ 25325%7-21 ?20021 77%'. %77)51 180)5%7-21 %1(
,%5%'7)5-=%7-21>@,7736'%3)'0-75)25+
#$17)51%7-21%/)/)'20081-'%7-2161-217%1(%5(-=%7-21)'725
?" 2002198/1)5%&-/-7-)6%1();32685)6@ 
,7736:::-78-175)'"
#$17)51%7-21%/)/)'20081-'%7-2161-217%1(%5(-=%7-21)'725
 ?" 20021 98/1)5%&-/-7< 6'25-1+ 6<67)0@   
,7736:::-78-175)'"
#$17)51%7-21%/)/)'20081-'%7-2161-217%1(%5(-=%7-21)'725
 ?" 20021 :)%.1)66 )180)5%7-21@ 
,7736:::-78-175)'"
#$17)51%7-21%/)/)'20081-'%7-2161-217%1(%5(-=%7-21)'725
?"20021%77%'.3%77)51)180)5%7-21%1('/%66-*-'%7-21@
,7736:::-78-175)'"
#$17)51%7-21%/)/)'20081-'%7-2161-217%1(%5(-=%7-21)'725
 ?" 20021 :)%.1)66 6'25-1+ 6<67)0@ 
,7736:::-78-175)'"
#$%7-21%/ 167-787) 2* 7%1(%5(6 %1( )',12/2+<  ?2*7:%5)
6685%1'))*)5)1')%7%6)7@,77366%0%7)1-67+29
#$167-787) *25 )*)16) 1%/<6)6 ?7%7)2*7,)57 )6285')6 
*25 2*7:%5) 8/1)5%&-/-7< )7)'7-21 )67 %1( 9%/8%7-21@ 
,7736:::%'426(0-/6)(2'63(*
