STOS Symposium 2003

 

Panel Discussion Schedule

Panel Discussions:
Wednesday - Friday, 3-5 December
Times: see Calendar

 

Secure OS
Open Source v. Closed Source
Open Source Licensing
Product Certifications (Common Criteria, FIPS, DII COE)
Forensics
Authentication Solutions

 

Panel Descriptions...

One representative from an organization per panel. Names are in no particular order. Each Panel member will be given ~15 minutes to briefly present their position on the topic to set the stage for open discussion which is expected to last 15 - 30 minutes.


Topic: Secure OS


Description: Can we, Public, Private & Academic Sectors, all actually build a Secure OS? What are some of the hurdles/challenges everyone faces in attempting to provide a Secure OS? What solutions or architectures have been developed and incorporated into both open source and COTS products to enhance the security offerings?

Representatives from Public, Private and Academic sectors will share their expertise on what has been deployed as well as their insight into what further approaches could raise the security bar across all offerings. This will most likely bring about more discussion on the options and alternatives for future work than on what has been deployed to date.

Panelists:

Robert Watson – TrustedBSD
Sead Muftic – CSPRI, George Washington University
TBD – Apple Computer



Topic: Open Source v. Closed Source


Description: Is either Open Source or Closed Source really inherently any more secure than the other? Is there a non-disputable way to measure or does the nature of combining open source with closed source solutions negate the original debate? Is it possible that we are focusing on the wrong part of the problem and overlooking other real issues? How can the two camps join forces for the betterment of all solutions?

Panelists:

Robert Watson – TrustedBSD
Martin Hack – Sun Microsystems
TBD – Apple Computer
John Viega – Secure Software Solutions
Sean Finnegan – Microsoft



Topic: Free Software and Open Source Licensing


Description: What are the challenges, pitfalls and advantages of each of the open source licenses? Are the licensing models advancing collaboration and community contributions or are they restrictive in nature? Can solutions be made available under multiple licensing models and if so, which takes precedence? Do the open source security solutions being developed and deployed within organizations fall under public licensing? How are we all keeping track of where the code comes from and where it is going?

Panelists:

David Turner – Free Software Foundation
Robert Watson – TrustedBSD
John Hurley – Apple Computer
John Viega – Secure Software Solutions



Topic: Product Certifications
(Common Criteria, FIPS, DII COE, ...)


Description: Due to the overwhelming IT challenges and solutions positioned to solve those challenges, organizations have had to turn to independent labs to have products evaluated and certified. It is critical to everyone to have confidence in the products being used, but are the certifications in place meeting those needs and are the products offering better protection? How can the open source community cover the expense of independent lab certifications? How can organizations be given assurance that the products meet security expectations without some method of independent validation and certification? How can the cost and resource burden of certification be shared by all parties? Or can it? What relevant open source and commercial products have either received or are going through various certifications?

Panelists:

Laura Stubbs – Cable & Wireless
David Turner – Free Software Foundation
John Viega – Secure Software Solutions
Sean Finnegan – Microsoft
Shawn Geddis – Apple Computer


Topic: Forensics


Description: Enterprise/Government IT is driven to provide services, data and communication in a timely manner. But with so much traffic and so many computer systems to manage, how on earth can an IT Manager have a chance at protecting privacy while ensuring agency policies exist and are enforced? There are many areas of forensics that IT Managers are unaware exist and at the same time there are several tools available, both open source and commercial, that can help. What are all of these tools, how can IT personnel get them and how do you use these darn things?

Panelists:

Keith Jones – Foundstone
Derrick Donnelly – BlackBag Technologies
Pravir Chandra – AOL




Topic: Authentication Solutions


Description: Proving who you claim to be seems simple enough, doesn't it? Ensuring indisputable accuracy of user identification yet keeping it usable has been the eternal goal. Authentication mechanisms over the years have ranged from password entry to biometrics and HW/SW tokens. Are these existing mechanisms proving their mettle or are there newer, better and faster mechanisms to keep our systems and data protected without complicating our lives?

Panelists:

Ken Hornstein – ITT Advanced Engineering and Sciences
Jason Garman – Computer Forensics Analyst, Mantech National Security Solutions Group
Peter Hesse – President, Gemini Security Solutions, Inc.

Pravir Chandra – AOL
David Corcoran – Identity Alliance
Taylor Boon – Former CTO, BNX Systems

