

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.



Software-Intensive Systems and Uncertainty at Scale

Appendix C: Biosketches of Workshop Speakers

Cynthia Andres is a coauthor of Extreme Programming Explained: Embrace Change, 2nd edition. Her professional interests include team and individual psychology and facilitating change with large-scale transformative conversations. She holds a B.A. in psychology from Pacific Union College with advanced work in women’s studies at the University of California at Santa Cruz and psychology at Portland State University.

Kristen J. Baldwin works in the Office of the Under Secretary of Defense, Acquisition, Technology and Logistics for the Director, Defense Systems. Ms. Baldwin’s responsibilities span both systems engineering and systems integration functional areas. She leads the OSD oversight and implementation of software acquisition process improvement legislation, commonly referred to as Section 804. Ms. Baldwin formerly developed and managed the Triservice Assessment Initiative, which is a DoD tool for program managers to identify and mitigate system risk through independent expert assessments. Previous assignments in her career include serving as a science and technology advisor in the Army’s Office of the Deputy Chief of Staff for Operations and Plans and at the Dismounted Battlespace Battle Lab at Fort Benning. Ms. Baldwin received a bachelor’s degree in mechanical engineering from Virginia Tech in 1990 and a master’s in systems management from Florida Tech in 1995.

Kent Beck is the founder and director of Three Rivers Institute. His career has combined the practice of software development with reflection, innovation, and communication. His contributions to software development include patterns for software, the rediscovery of test-first programming, the xUnit family of developer testing tools, and Extreme Programming. He currently divides his time between writing, programming, and coaching. Mr. Beck is an author and/or coauthor of Extreme Programming Explained: Embrace Change, 2nd Edition; Contributing to Eclipse; Test-Driven Development: By Example; Planning Extreme Programming; The Smalltalk Best Practice Patterns; and the JUnit Pocket Guide. He received his B.S. and M.S. in computer science from the University of Oregon.

Kris Britton is the director for the National Security Agency (NSA) Center for Assured Software. He has been involved with information assurance issues for the past 15 years, during which time he worked to establish commercial standards and programs to aid DoD customers in establishing trust in commercial products they purchase. He began his career as a commercial product evaluator in 1989, focusing on trust in operating systems and databases using the DoD standard (DoD 5200.28/Orange Book) and later helped to create the National Information Assurance Partnership and was named its first technical director. More recently he has been involved with software assurance issues, specifically working to evolve the NSA’s software assurance paradigm to address today’s evolving and complex IT environment.

Mary Ann Davidson is the chief security officer at Oracle Corporation, responsible for security evaluations, assessments, and incident handling. As a senior executive in the IT industry she brings both a military and a business background and in-depth experience with and perspective on industrial capacity to respond to Defense needs. She represents Oracle on the board of directors of the Information Technology Information Security Analysis Center (IT-ISAC) and is on the editorial review board of the Secure Business Quarterly. Ms. Davidson has a B.S.M.E. from the University of Virginia and an M.B.A. from the Wharton School of the University of Pennsylvania. She has also served as a commissioned officer in the U.S. Navy Civil Engineer Corps, where she was awarded the Navy Achievement Medal.

Joe Jarzombek serves as director for software assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division within the Department of Homeland Security (DHS) and, as such, is the focal point on software integrity issues. He leads collaborative efforts in analyzing software life-cycle components, including people, processes, and technology and identifies areas for software quality and security improvement with a focus on development, acquisition, and support. Mr. Jarzombek guides DHS initiatives in analyzing and resolving software challenges; supports the evolution of policy and guidance on software assurance, including assessment of federal policies, procedures, and evaluation schemes, such as the National Information Assurance Partnership. He functions as DHS coordinator for software quality and acquisition initiatives, working with other federal agencies, state agencies, and international allies to focus on identifying and specifying organizational software-related processes and software-enabled technologies to mitigate risks attributable to software. Mr. Jarzombek works with federally funded research and development centers (FFRDCs), consortiums, foundations, universities, and standards groups to coordinate relevant initiatives and leverage organizational resources to share best practices, tools, processes, and research to improve software assurance. He serves as DHS liaison on government/industry working groups and serves on NIST, IEEE, and ISO/IEC standards committees and advisory groups, and other executive groups to ensure software assurance needs are addressed in standards, best practices, process models and product lifecycle initiatives. He publishes best practices in software security on the Web site https://buildsecurityin.us-cert.gov/portal/ as information for developers and acquisition managers. In working with government/academic/industry groups, he leads team efforts to develop the Software Assurance Common Body of Knowledge, which is intended to provide a framework to recommend updates in curriculum to enhance IT acquisition and software-related education and training across the federal acquisition workforce curricula, within universities and colleges, and within industrial training programs. Mr. Jarzombek has an M.S. in computer information systems from the Air Force Institute of Technology, Dayton, Ohio; a B.B.A. in data processing and analysis from the University of Texas, Austin; and a B.A. in computer science from the University of Texas, Austin, where he was also an Air Force ROTC distinguished graduate.

Patrick Lardieri is manager of Distributed Processing Programs at the Lockheed Martin Advanced Technology Laboratory in Cherry Hill, New Jersey. He has spent over 10 years researching the suitability of open, standards-based middleware, operating systems, and networks for building distributed real-time systems. Recently, he has been leading Lockheed Martin’s Software Technology Initiative, which is focused on developing technologies for managing the complexity of integrating large-scale software systems. He received a master’s in electrical engineering from the University of Pennsylvania.

Gary McGraw, the CTO of Cigital, Inc., researches software security and sets technical vision in the area of software quality management.
Dr. McGraw is coauthor of five best-selling books: Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Software Fault Injection (Wiley, 1998), Securing Java (Wiley, 1999), and Java Security (Wiley, 1996). His new book, Software Security: Building Security In (Addison-Wesley), was released in February 2006. A world authority on software security, Dr. McGraw consults with major software producers and consumers. Dr. McGraw has written over 75 peer-reviewed technical publications and functions as PI on grants from Air Force Research Laboratories, DARPA, the National Science Foundation, and NIST’s Advanced Technology Program. He serves on advisory boards of Authentica, Counterpane, and Fortify Software, as well as advising the Computer Science Department at the University of California, Davis, the Computer Science Department at the University of Virginia, and the School of Informatics at Indiana University. Dr. McGraw holds a dual Ph.D. in cognitive science and computer science from Indiana University and a B.A. in philosophy from the University of Virginia. He is a member of the IEEE Security and Privacy Task Force, and was recently elected to the IEEE Computer Society’s board of governors. He writes a monthly security column for the magazine IT Architect, is the editor of “Building Security In” for IEEE’s Security & Privacy magazine, and is often quoted in the press.

Richard W. Selby is the head of software products at Northrop Grumman Space Technology in Redondo Beach, California. He manages a 250-person software organization and has served in this position since 2001. Previously, he was the chief technology officer and senior vice president at Pacific Investment Management Company (PIMCO) in Newport Beach, California, where he managed a 105-person organization for 3 years. From 1985 to 1998, he was a full professor of information and computer science (with tenure) at the University of California at Irvine. Since 2004, he has held an adjunct faculty position at the University of Southern California Computer Science Department at Los Angeles. In 1993, he held visiting faculty positions at the MIT Laboratory for Computer Science and MIT Sloan School of Management in Cambridge, Massachusetts, and in 1992, he held a visiting faculty position at the Osaka University Department of Computer Science in Osaka, Japan. His research focuses on development and management of large-scale systems, software, and processes. He has authored over 100 refereed publications and given over 205 invited presentations at professional meetings. At Northrop, he led the $3 billion company to a successful enterprise-wide rating of Capability Maturity Model Integration (CMMI) level 5 for software. He served as the chief software engineer for the NASA Prometheus spacecraft to Jupiter. He also received the company’s highest quality award, named after former President Tim W. Hannemann, for improvements in development, management, process, and quality. At PIMCO, he led the $1 billion company to be ranked as the fourth most innovative technology organization in financial services, according to Wall Street & Technology. At the University of California, Irvine, he coauthored an international best-selling book that analyzed Microsoft’s technology, strategy, and management: Microsoft Secrets: How the World’s Most Powerful Software Company Creates Technology, Shapes Markets, and Manages People. The book, written with Michael Cusumano, has been translated into 12 languages, has 150,000 copies in print, and was ranked as a #6 best-seller in Business Week. He received his Ph.D. and M.S. degrees in computer science from the University of Maryland, College Park, Maryland, in 1985 and 1983, respectively. He received his B.A. degree in mathematics from St. Olaf College, Northfield, Minnesota, in 1981.

Alfred Spector, NAE, is currently an independent consultant working with IBM and a few small companies, and performing some government service. In his previous position as CTO and vice president of Strategy & Technology for IBM’s Software Group, Dr. Spector was responsible for its technical and business strategy, standards, software development methodologies, advanced technology, and cutting-edge technical engagements. Prior to this position, Dr. Spector was vice president of IBM’s worldwide services and software research, general manager of marketing and strategy for IBM’s middleware business, and general manager of IBM’s transaction software business. Dr. Spector was also the founder and CEO of Transarc Corporation, a pioneer in distributed transaction processing and wide-area file systems and a tenured faculty member in the Carnegie Mellon University computer science department. Dr. Spector received his Ph.D. in computer science from Stanford University and his A.B. in applied mathematics from Harvard University. He is recognized for his contributions to the design, implementation, and commercialization of reliable, scalable architectures for distributed file systems, transaction systems, and other applications. Dr. Spector is also an ACM and IEEE fellow and a recipient of the IEEE Kanai Award in distributed computing.

Werner Vogels is vice president and chief technology officer at Amazon.com, where he is responsible for driving the technology vision to continuously enhance the innovation on behalf of Amazon’s customers at a global scale. Prior to joining Amazon, he worked as a research scientist at Cornell University, where he was a principal investigator in several advanced research projects that target the scalability and robustness of mission-critical enterprise computing systems. He has held positions of vice president of technology and chief technology officer in companies that handled the transition of academic technology into industry. Dr. Vogels holds a Ph.D.
from the Vrije Universiteit in Amsterdam and has authored a large number of articles for journals and conferences, most of them on distributed systems technologies for enterprise computing.

John Vu is a technical fellow at Boeing’s Engineering, Operations, and Technology. He has worked in various technical and management positions in Boeing, including computer-aided design and computer-aided manufacturing supporting the development of the 777 airplane, leading software and systems process improvement, and managing Boeing global software outsourcing. Prior to joining Boeing, Mr. Vu worked at Teradyne Semiconductor, Litton Industries, Motorola, and GTE. He led teams to build navigation and avionics systems (F-15 and Tomahawk cruise missile) and design the array processors for several signal processing systems (AWAC and several space exploration satellites). Mr. Vu is a visiting scientist at the Software Engineering Institute (SEI), where he focused on the development and implementation of several capability maturity models. As senior scientist at Carnegie Mellon University, he is conducting research on software trends in the industry, such as process improvement, e-business, and outsourcing. He has authored several benchmarking papers on these topics. He published over 40 technical papers on software and systems engineering disciplines, three books on software engineering and has presented papers at various software engineering conferences worldwide. He is a member of the Technical Advisory Board of IEEE Software, and adjunct faculty at Carnegie Mellon University and Seattle University.