Name: Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain
Start: 2022-04-06T20:00:00Z
End: 2022-04-06T20:54:34.000Z
Location: BrightTALK
Rating: 4

The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium. Founded in 1989, OMG standards are driven by vendors, end-users, academic institutions, and government agencies.

Lucile and Stephane motivate you to see IT differently in this thought-provoking presentation. Starting by introducing responsible computing and green IT, they move on to show what makes a typical web page, what happens with the processing, and why many parts can be removed, saving energy, costs, and improving user retention, which is linked together.

How to Spot the Waste in IT and Web Development

Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where Software Bill of Materials (SBOM) comes in.
 
Join us for an informative webinar on SBOM. In this webinar, you will learn how Software Component Analysis (SCA) is key to having an up-to-date SBOM and get answers to these critical questions:

1. Why are SBOMs critical for software development, security, and compliance?
2. How are SBOMs implemented and used to control software supply chain risks?
3. What are the contents of an effective SBOM?
4. What are the challenges and risks associated with SBOM implementation?
5. What are tools and best practices for creating and maintaining an effective SBOM?
 
This webinar is ideal for software developers, security professionals, compliance officers, IT managers, and anyone interested in learning about SBOM and its impact on software supply chain management. Don't miss this opportunity to gain valuable insights and ask questions to our expert speaker. Register now!

SBOM 101: How to Control Software Supply Chain Risks Like a Pro

Join us for a tour of the Responsible Computing Self-Assessment. The self-assessment charts a journey and provides recommendations based on responses to achieving sustainable practices in ICT environments for technology vendors and their clients, assessing six domains: Code, Data Center, Data Usage, Impact, Infrastructure, and Systems. 

The self-assessment is available to the public on our website: https://responsiblecomputing.net/responsible-computing-self-assessment/

Our members are working on a maturity model and deeper assessment, which will be available to our member organizations to provide a more profound framework of how to be a responsible computing leader.

Introducing the Responsible Computing Self-Assessment

The UAF is the latest modeling specification for systems of systems (SoS) modeling. It is designed to cover all the viewpoints from the latest defense architecture frameworks, namely DoDAF, MoDAF, NAF and others. The UAF is a very rich specification with several layers (domains) and aspects (“model kinds”) and while it is very rich and expressive, how to apply it in a real-life context can be quite challenging. One challenge is how to translate concepts of operation, existing and future capabilities, planning and acquisition strategy into a concrete UAF model. Another challenge is how to properly use the various levels of abstractions across its domains to enable reuse across different concrete realizations. Yet another challenge is that UAF does not exist in isolation and needs to be integrated with a broader set of lifecycle tools, such as requirement tools, system models in SysML, planning tools, simulation tools and others.  

In this demo, we describe how we transform conops documents and requirements into an actual UAF model using an emergency response system, which is a SoS. We demonstrate how the various UAF aspects are modeled, how the UAF modeling environment is integrated with a requirements management system, how the UAF technical views are integrated and transformed into SysML system models, and how roadmaps and plans are integrated with planning tools. We will also show how behavioral aspects of the SoS UAF models are simulated to validate them and reason about the behavior of the overall SoS. The overview will include demonstrations using an actual set of tools typically used in engineering environments.

UAF Tool Vendor Roadshow (Dec 2022) - IBM Rhapsody

Jason Hunter, Digital Transformation PM (US Navy - NAVSEA, PEO IWS)
https://www.linkedin.com/in/jason-hunter-b4b33213

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: Achieving Rapid Capability Creation to USN Deployment

Nicholas Gallo, Senior Specialist Solutions Architect (RedHat)
https://www.linkedin.com/in/nicholas-gallo-57b14278

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: An Open Approach to DevSecOps Standards

Rob Cameron, Principal SDE Lead (Microsoft)
https://www.linkedin.com/in/robcamer

In this session, the presenter will discuss lessons learned and approach in three years of coding-with / building-with the Department of Defense using Azure DevOps, GitHub, and GitLab implementing DevOps and DevSecOps pipelines as part of build-low / deploy-high as well as disconnected deployments.

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: Building DevOps/DevSecOps Pipelines to Meet DoD Op Reqs

Matt Wilson, Group VP (SimVentions)
https://www.linkedin.com/in/mattwilsonsimv

Although the concept of DevOps / DevSecOps is generally understood and widely adopted across the software development landscape there is limited opportunity for innovative third-party tools to work in or across implementations. This session will explore how standards have enabled
past innovation and competition in other domains and how they could open up opportunity for enhanced value, simplification, scalability, adaptation, and integration of the DevSecOps landscape.

2023 DevSecOps Info Day: Enabling Value Added Capabilities To A DevSecOps World

Anil Karmel, Co-Founder & CEO (RegScale)
https://www.linkedin.com/in/anilkarmel

There's been a push in our industry to make security real-time, continuous, and complete. As such, many tools have emerged, including Cloud Security Posture Management (CSPM) solutions, Vulnerability and Code Scanners, etc., to try and find issues before they occur. However, we're still managing compliance in Word documents and Excel spreadsheets that are instantly out of date the moment they are created. With the rise of the API economy, cloud, and modern development tools, the time has come for compliance to be reimagined leveraging a cultural transformation coupled with standards and tooling. During this session to learn how we can bring the principles of DevOps to Compliance in a new discipline called Regulatory Operations (RegOps).

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: RegOps Bringing the Principles of DevOps to Compliance

David Overeem, Systems & Software Engineer (Boeing Space Systems)

Bio: David is currently the Product Owner for Boeing's next generation of spacecraft command and control software. In that role, he brings more than 20 years of experience operating, maintaining, integrating, and developing spacecraft ground communications software across a spectrum of programs, flight platforms, and supporting vendors.

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: Tales From the Front Lines – Delivering on The Promise

Bill Beckwith, CEO (Objective Interface Systems)

DevOps is frequently defined as "a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality". The tools that became commonly used in DevOps to automate the system configuration required pervasive privileged system access. Unfortunately these tools did not have
the requisite security robustness to support the broad responsibilities of pervasive privileged system access. Initially, DevSecOps was an attempt to configure these tools so that the system security was not dramatically weakened by their use. Over time, many organizations redefined DEVSECOPS as the processes to ensure that the system is born with and maintains a secure configuration.

https://www.omg.org/devsecops/
c4i-chair@omg.org

2023 DevSecOps Info Day: DevSecOps for Agile System Construction, Op, & Sustain

Christine Judd, Vice President of Unmanned Systems Division (Metron)
https://www.linkedin.com/in/juddchristine
Matthew Judd, Autonomy Software Architect & Developer of Unmanned Systems Division (Metron)
https://www.linkedin.com/in/mjudd220

Metron delivers multi-mission performance across a wide range of mission parameters and commercial applications. Through multi-agent system integration and control, we can reduce real-time decision making processes to save time, resources and achieve mission objective results. Deep water applications require a robust AUV solution designed with modularity and fault tolerance, guided by a dynamic world model. When you can efficiently obtain modularity through the loose coupling of typical AUV tasks such as navigation, sensor processing, and interaction with platform specific hardware, then you can achieve the maximum impact for your operations. Metron has spent the past 12 years as a leader in UUV development, and DDS has enabled rapid development and deployment of our technology for underwater applications.

Commercial Resilient Underwater Autonomy Solutions Utilizing The DDS Standard

The DDS® standard is for data-centric distributed systems that enables developers to build distributed applications with real-time, highly available, secure, low latency data access and exchange. Its architecture is based on the publish/subscribe messaging paradigm, allowing applications to send and receive data without having to establish direct connections with each other. Applications can subscribe to topics published by other applications and vice versa, allowing for a wide range of data exchange scenarios, data delivery reliability and scalability. It is often used in industries such as automotive, aerospace, industrial automation, healthcare, and finance. Its distributed data communication capabilities make it well-suited for use cases such as autonomous vehicles, industrial automation, smart grids, logistics systems, and more.

Join the DDS Foundation for an informative and interactive mini-forum on the DDS® standard. Whether you're new to DDS or an experienced user, this event will provide you with updates on the DDS protocol, interoperability with other standards, use cases and more. The session concludes with a panel discussion and audience Q&A. Learn why the DDS standard has been adopted by companies such as Intel, IBM, Microsoft, Bosch, and Siemens.

Get involved today by visiting https://www.dds-foundation.org/ or contacting DDSF-info@omg.org.

2023 DDS Forum

Monte Porter, Consultant (Monte Porter Associates LLC)
https://www.linkedin.com/in/monteporter

This session addresses some of the lessons learned in the organization wide roll-out of MBSE and specifically address some of the extensions to the standard that are necessary to support a product manager in the pursuit of a successful program. The session also covers the application of Mission Engineering to support the process.

https://www.omg.org/uaf/
https://www.omg.org/spec/UAF
https://www.omg.org/omg-certifications/uaf-certifications-sponsorship.htm
https://youtu.be/AWJk_7KtQ0w
uaf-chairs@omg.org

2023 UAF Summit: Lessons In Applying Mission Engineering to Military Acquisition

Michael Shearin, Senior Research Engineer (Georgia Tech Research Institute)
https://www.linkedin.com/in/mike-shearin-5456613/
Richard Wise, Senior Research Engineer (Georgia Tech Research Institute)
https://www.linkedin.com/in/richard-wise-6b39384b/

So you have to be MOSA compliant? What does that mean? A Modular Open Systems Approach (MOSA) according to Title 10 of the U.S. Code means that a compliant system will employ a modular design and that major systems interfaces be compliant with consensus-based standards. The better question then is, how do you get started? We have developed an approach in UAF that gives system developers a leg-up to MOSA compliance at least with respect to the identification and application of consensus-based standards. It was after we created this approach that we became aware of the Domain Overlay concept work being done by the Model-Based Acquisition Working Group, and in a great sense of irony, validated our approach. This is the story of that journey, and how we see this approach being useful to our MBSE community.

https://www.omg.org/uaf/
https://www.omg.org/spec/UAF
https://www.omg.org/omg-certifications/uaf-certifications-sponsorship.htm
https://youtu.be/AWJk_7KtQ0w
uaf-chairs@omg.org

2023 UAF Summit: How I Stumbled Across A Domain Overlay & Why It’s Useful

Laura Hart, Research Engineer Senior Manager (Lockheed Martin)
https://www.linkedin.com/in/lauraehart

Systems Engineering has become Model-Based Systems Engineering (MBSE) in which models are used at all phases of development. To complete the digital thread from concept to disposal, models will be required for the acquisition phase. This session describes the activities of the OMG MBAcq User Group, which is a broad industry body with participation from OMG, INCOSE, Armed Services, OUSD, DoD CIO, NDIA, DAU, FFRDCs and many industry suppliers such as Boeing, Northrup Grumman, Lockheed Martin, etc. working together to create the standards and guidance to successfully deploy MBAcq to the larger community.

https://www.omg.org/uaf/
https://www.omg.org/spec/UAF
https://www.omg.org/omg-certifications/uaf-certifications-sponsorship.htm
https://youtu.be/AWJk_7KtQ0w
uaf-chairs@omg.org

2023 UAF Summit: OMG UAF Model Based Acquisition MBAcq Overview and Update

Daniel Hettema, Director of Digital Engineering, Modeling and Simulation (Office of the Under Secretary of Defense for Research & Engineering)
https://www.linkedin.com/in/daniel-hettema-20625758

For over two decades the Department of Defense Architecture Framework (DoDAF) has served as the bedrock on with architects have conveyed complex architectures to decision makers. Now with advisories accelerating, we must modernize our practice to communicate exponentially more complex architectures while simultaneously reducing the decision-making timeline. Industry has risen to meet this need with the development of the Unified Architecture Framework (UAF). A whole encompassing framework that combines the best parts of industry, NATO, and DoD architecture frameworks into a digital structured model. This session addressed the importance of UAF in the digital transition, the role it serves within the Office of the Secretary of Defense (OSD), and roadmap for updates to policy and guidance.

https://www.omg.org/uaf/
https://www.omg.org/spec/UAF
https://www.omg.org/omg-certifications/uaf-certifications-sponsorship.htm
https://youtu.be/AWJk_7KtQ0w
uaf-chairs@omg.org

2023 UAF Summit: Aligning to Industry Best Practices: The UAF @ OSD

Matthew Hause, Principal Consultant (System Strategy, Inc.)
https://www.linkedin.com/in/matthew-hause-16a4165
Lars-Olof Kihlström, Principal Consultant (Syntell AB)
https://se.linkedin.com/in/lars-olof-kihlstr%C3%B6m-6a7b13
Jennifer Russell, Program & Management Support Leader (Garver) 
https://www.linkedin.com/in/jennrussell

In his Gettysburg Address, Abraham Lincoln spoke of “government of the people, by the people and for the people.” The INCOSE Smart Cities Initiative (SCI) is proceeding along these lines to support municipal governments in considering people first in smart city efforts. This Initiative will support municipalities and public agencies in adopting Smart Cities technologies by applying systems engineering principles and tools. This Initiative will support holistic development of Smart Cities infrastructure and Concepts, Applications, Technology and Services (CATS) through an open framework. Their initial set of models and metrics focused on the people and communities to determine how a smart city can improve life for its residents. Towards that end, a modeling initiative using the Unified Architecture Framework (UAF) to put the human at the center of the system. The model looks at a city as an enterprise to examine the organizations, people, and communities using the human factors set of views. As a city of any size is a complex system of systems, the initial model is focused on Unhoused/Homeless People, how they interact with other organizations and people in the community, and how to improve outcomes for both them and the city. This session addresses the SCI and its goals, and then shows how MBSE can help planners understand the problem before looking for solutions.

https://www.omg.org/uaf/
https://www.omg.org/spec/UAF
https://www.omg.org/omg-certifications/uaf-certifications-sponsorship.htm
https://youtu.be/AWJk_7KtQ0w
uaf-chairs@omg.org

2023 UAF Summit: Keeping People First in the Smart Cities Enterprise

Join the Consortium of Information and Software Quality (CISQ) on April 6th, 2022, 3:00pm CST - 4:00pm CST to learn how to manage the trustworthiness and dependability of systems acquired through your supply chain. 

Learning Objectives:
- Learn how to leverage CISQ measures  to reduce risk in your contacts & SLAs
- How to certify software and its level of risk
- How to manage the quality of the software you are receiving from a supply chain
- Learn about the use of Software Bill of Materials (SBOM) in a software supply chain

About the Presenters:

Robert A. Martin, Senior Principal Engineer at the MITRE Corporation, has dedicated his career to solving some of the world’s most difficult problems in systems and software engineering. His work focuses on the interplay of risk management, cyber security, and quality assessment and assurance. For 23 years, Robert has applied his expertise to international cybersecurity initiatives such as CVE, CAPEC, and CWE, which host large active vendor and research communities, and is now working on standardizing the Software Bill of Materials (SBoM) and the supply chain security System of Trust™. 

Dr. Bill Curtis is CISQ’s Executive Director. Dr. Curtis led development of the Capability Maturity Model (CMM) at the Software Engineering Institute at Carnegie Mellon University. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007, he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement.

Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain

ISO 5055

Software Asset Management

Supply Chain

Risk Based Security

Risk Management

Security

DevOps

ISO/IEC

Standards

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The IT project management community on BrightTALK includes thousands of IT project and portfolio management professionals. Find relevant webinars and videos on agile methodologies, scrum strategy, project management processes and more. Attend live webinars or view on demand content presented by recognized thought leaders in the IT project management industry.

IT Project Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain

Presented by

About this talk

More from this channel