The overall objective of SHIELDS is to bridge the gap between security experts and software developers, in order to reduce the number of vulnerabilities in software. In order to accomplish this goal, it will be necessary to get the software industry interested, and ideally invested, in SHIELDS.
Within the scope of the SHIELDS project, there is room for targeted efforts towards key industry players, but in addition to that it may be possible to market SHIELDS to local industry near each of the project participants. This can be accomplished without taxing the resources of SHIELDS far beyond what was envisioned in the project plan.
The SHIELDS consortium will collaborate on creating event materials (e.g. presentations, demos, etc.) to be used by each partner for arranging industry events. The material is due to be published on the web site.
The consortium decided to concentrate its efforts on Presentation and Demonstration of the SHIELDS concept and on One-on-one communications with industry players:
Presentations and demonstrations of the SHIELDS concept. The purpose of this type of event is to create awareness of SHIELDS as a whole and further interest in future SHIELDS-related events. In a series of events, this would be one of the first, as it can be easily delivered to a large audience. In order to attract a larger audience, this could be combined with invited speakers in the area of software security. To assure a wide, well-targeted audience, these events will be organised in specialised workshops that are part of international conferences in the fields of software, telecommunications, testing and security. They will also be organised together with other EU and local events in the field, with the support of associations that bring together industry and academia.
One-on-one communication with industry players. This type of event will be carried out by SHIELDS partners in order to make local industrial players aware of the possibilities of SHIELDS, and to receive first-hand feedback from the industry. Interviews will be held with identified key players in the short term to get their opinions and feelings on the SHIELDS concept and expected results. Once the SHIELDS results are more developed, these interviews will serve as the basis to show SHIELDS methods and tools, explain the benefits and get direct feedback on specific results.
Tutorials on software security. Many software developers are beginning to realise that software security is important. While not necessarily directly related to SHIELDS, tutorials on software security could attract large numbers of participants and be a forum for presenting SHIELDS or teaching parts of the SHIELDS approach.
Euskadi Empresa Digitala presented basic concepts of secure engineering, focusing on aspects of including security within the development process, and on tools and solutions available on the market that cover each software development phase.
Directed primarily at companies with a major development, people with special interest in tools for improving the code and people with skills in different environments.
Experts in the area of quality assurance presented innovative test and inspection techniques as well as modelling techniques to the audience. The main focus was on automating tests (automated generation, execution and analysis of the results of the test cases).
Scientific event coordination and promotion of research for the software and programming language research community, focused on young researchers. Dissemination of research work done in the field. Help with the development of young researchers. The participants only asked general questions to clarify some details about the presentation.
Around 200 people from the different French research community working groups:
AFSEC, COSMAL, FORWAL, IDM, LaMHA, LTP, MFDL, MTV2, RIMEL, GT TRANSFORMATION
Organizer: GDR Génie de la Programmation et du Logiciel (GPL) - CNRS
The Software Technology Initiative e.V. provides diversified services in the field of software engineering, with particular focus on small and medium enterprises. In addition to training and consulting, this includes in particular the exchange of, and access to, research and development in this area, which is so important for the industry. The Software Technology Initiative e.V. was founded in 1997 in the form of a registered association in Kaiserslautern. A defect inspection tool was shown to the (local) industry. Interest in the tool and its usage in the Eclipse Framework was shown.
Discussion of further activities with Eclipse Ecosystem Europe team is planned.
OWASP offered a forum for discussion and exchange of ideas among researchers and industry representatives, who presented their experiences and discussed issues related to Secure Software Initiatives from a higher level to a technical point of view.
As part of LiU's work on various software security projects, including SHIELDS, we will work with individual companies to determine how they can adopt the methods and tools, including the SHIELDS SVRS, that we have developed for software security. This requires relatively high effort, but has high impact. Such activities also directly benefit the research effort. We have planned one such analysis with Ericsson; pending the outcome of that, others are expected to follow.
Week@ESI annually meets all the players involved in IT Competitiveness around the world: esi@net partners, ESICenters, ESI Patrons, local, regional or national governments, software companies, sectorial associations, technology parks, research centres, universities and anyone with an interest in process improvement, software excellence, clustering initiatives and international collaborative research. Participants were ESI partners (from ESI@Net commercial network) and ESI centres (centres of excellence), and other security experts who collaborate with ESI in several research and consultancy projects.
Euskadi INVEST is a multi-sector business meeting point between Basque ICT companies and companies of the rest of the Basque economy sectors, and it is hosted by ESI. The main topic of the conference is Improvement of the Business Competitiveness and the participants will be 50 ICT companies and 20 companies from other sectors.
OWASP offered a forum for discussion and exchange of ideas among researchers and industry representatives, who presented their experiences and discussed issues related to Web Application Security from a higher level to a technical point of view.
The aim of the Week@ESI was to meet all the players involved in IT Competitiveness around the world: esi@net partners, ESICenters, ESI Patrons, local, regional or national governments, software companies, sectorial associations, technology parks, research centres, universities and anyone with an interest in process improvement, software excellence, clustering initiatives and international collaborative research.
The SHIELDS project objectives and position were presented, and a summary description of future results was given. All this information was extracted from the Project Brochure and Description of Work.
Participants were ESI partners (from ESI@Net commercial network) and ESI centres (centres of excellence), and other security experts who collaborate with ESI in several research and consultancy projects. Participants were very interested in future results and liked the fact that two different demonstrators were going to be undertaken in the project, so the results would be ready to be adopted by industry. The vulnerability detection assistance was considered a very differentiating factor from other security engineering projects currently ongoing.
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.
To this end, OWASP promotes the setting up of so-called OWASP Projects to create guidelines, tools, methodologies, etc., able to improve awareness of web application security and web application software quality.
Additionally, OWASP organises periodic conferences in different continents to bring together industry, government, and security researchers to discuss the state of the art in application security. This series was launched in the U.S. in the Fall of 2004 and in Europe in the Spring of 2005.
The 2008 edition of the OWASP European conference was held in Ghent (Belgium) on May 19-22 2008. AppSec Europe 2008 had 5 tutorials and 2 conference tracks.
OWASP conferences are events devoted to discussing the state of the art in application security, presenting new approaches/tools/methodologies, and discussing the status of the OWASP Projects, their evolution and road maps.
An overview of the SHIELDS concepts and project was presented, along with how SHIELDS fits with software security issues and OWASP objectives. The objective of the presentation was also to highlight SHIELDS synergies with OWASP activities and solicit the establishment of liaisons. There was positive feedback on SHIELDS and potential synergies with the OWASP community, even if the presentation did not have many attendees due to the parallel presentation held by Mr Gary McGraw (Cigital CEO and author of many books on software security).
Interest in SHIELDS was demonstrated by Sebastien Deleersnyder, of the OWASP board, who said that every action devoted to reducing software security flaws and bugs is welcome and has synergies with the OWASP projects.
The best approach to set up active liaisons between SHIELDS and the OWASP community is to carefully analyse the currently active OWASP projects (http://www.owasp.org/index.php/Category:OWASP_Project) to identify the ones most in line with the SHIELDS approach and time schedule. Additionally, SHIELDS could evaluate the creation of new OWASP projects to promote some of its outcomes (e.g. formal methods, tools, etc.).
The Norwegian Security and Vulnerability conference (Sikkerhet og sårbarhet) is a national security conference focusing on current IT-security challenges. Most participants are from industry. The conference is organised by The Norwegian Computer Society, the largest special interest society for information technology (IT) in Norway. SINTEF participates in the program committee.
Presentation of challenges in secure software engineering in general, and an introduction to the SHIELDS project.
Both software end users and developers of security software were present at the conference. The need for secure software and better support to develop secure software (i.e. the need for SHIELDS) was confirmed.