Panel Discussion
Schedule
Panel Discussions:
Wednesday - Friday, 3-5 December
Times: see Calendar
Secure OS
Open Source v. Closed Source
Open Source Licensing
Product Certifications (Common Criteria, FIPS, DII COE)
Forensics
Authentication Solutions
Panel Descriptions...
One representative from an organization per panel. Names are in no particular order.
Each Panel member will be given ~15 minutes to briefly present
their position on the topic to set the stage for open discussion
which is expected to last 15 - 30 minutes.
Topic: Secure OS
Description: Can we, Public, Private & Academic Sectors,
all actually build a Secure OS? What are some of the hurdles/challenges
everyone faces in attempting to provide a Secure OS? What solutions
or architectures have been developed and incorporated into both
open source and COTS products to enhance the security offerings?
Representatives from
Public, Private and Academic sectors will share their expertise
on what has been deployed as well as their insight in what approaches
could further be done to raise the security bar across all offerings.
This will most likely bring about more discussion on the options
and alternatives for future work than on what has been deployed
to date.
Panelists:
Robert Watson – TrustedBSD
Sead Muftic – CSPRI, George Washington University
TBD – Apple Computer
Topic: Open Source v. Closed Source
Description: Is either Open Source or Closed Source really inherently
any more secure than the other? Is there a non-disputable way
to measure this, or does the nature of combining open source with
closed source solutions negate the original debate? Is it possible
that we are focusing on the wrong part of the problem and overlooking
other real issues? How can the two camps join forces for the
betterment of all solutions?
Panelists:
Robert Watson – TrustedBSD
Martin Hack – Sun Microsystems
TBD – Apple Computer
John Viega – Secure Software Solutions
Sean Finnegan – Microsoft
Topic: Free Software and Open Source Licensing
Description: What are the challenges, pitfalls and advantages of
each of the open source licenses? Are the licensing models advancing
collaboration and community contributions or are they restrictive
in nature? Can solutions be made available under multiple licensing
models and if so, which takes precedence? Do the open source
security solutions being developed and deployed within organizations
fall under public licensing? How are we all keeping track of
where the code comes from and where it is going?
Panelists:
David Turner – Free Software Foundation
Robert Watson – TrustedBSD
John Hurley – Apple Computer
John Viega – Secure Software Solutions
Topic: Product Certifications (Common Criteria, FIPS, DII COE, ...)
Description: Due to the overwhelming IT challenges and solutions
positioned to solve those challenges, organizations have had
to turn to independent labs to have products evaluated and certified.
It is critical to everyone to have confidence in the products
being used, but are the certifications in place meeting those
needs and are the products offering better protection? How can
the open source community cover the expense of independent lab
certifications? How can organizations be given assurance that
the products meet security expectations without some method
of independent validation and certification? How can the cost
and resource burden of certification be shared by all parties,
or can it? What relevant open source and commercial products
have either received or are going through various certifications?
Panelists:
Laura Stubbs – Cable & Wireless
David Turner – Free Software Foundation
John Viega – Secure Software Solutions
Sean Finnegan – Microsoft
Shawn Geddis – Apple Computer
Topic: Forensics
Description: Enterprise/Government IT is driven to provide services,
data and communication in a timely manner. But with so much traffic
and so many computer systems to manage, how on earth can an
IT Manager have a chance at protecting privacy while ensuring
agency policies exist and are enforced? There are many areas
of forensics that IT Managers are unaware exist and at the same
time there are several tools available both in the open source
and commercially that can help. What are all of these tools,
how can IT personnel get them and how do you use these darn
things?
Panelists:
Keith Jones – Foundstone
Derrick Donnelly – BlackBag Technologies
Pravir Chandra – AOL
Topic: Authentication Solutions
Description: Proving who you claim to be seems simple enough,
doesn't it? Ensuring indisputable accuracy of user identification
yet keeping it usable has been the eternal goal. Authentication
mechanisms over the years have ranged from password entry to biometrics
and HW/SW tokens. Are these existing mechanisms proving their
mettle, or are there newer, better and faster mechanisms to keep
our systems and data protected without complicating our lives?
Panelists:
Ken Hornstein – ITT Advanced Engineering and Sciences
Jason Garman – Computer Forensics Analyst, Mantech National Security Solutions Group
Peter Hesse – President, Gemini Security Solutions, Inc.
Pravir Chandra – AOL
David Corcoran – Identity Alliance
Taylor Boon – Former CTO, BNX Systems