July 10, 2024
13:30 - 14:30
Registration
14:30 - 14:55
Welcome remarks
Mathias Cormann (OECD); Je-Myung Ryu (Ministry of Science and ICT of Korea)
14:55 - 15:10
High-level group photo
15:10 - 15:25
Keynote speech
Christopher Hockings (IBM Security, APAC)
15:25 - 16:25
Session 1 – Security-by-design and open-source software
Security-by-design is an approach that seeks to build security into products and services from the outset and throughout their lifecycle rather than as an afterthought, while maintaining the capacity to innovate and adapt to an ever-changing threat landscape. Following OECD Recommendations in this area, policy makers encourage its adoption by industry to reduce digital security risk, building on existing methodologies and standards such as the Secure Development Lifecycle. However, it is unclear how OSS projects can implement security-by-design. This session will explore the opportunities and challenges related to security-by-design in OSS.
Rasma Araby (Atsec information security AB); Allan Friedman (Cybersecurity and Infrastructure Security Agency (CISA)); Robin Ginn (OpenJS Foundation); Heejo Lee (Korea University); Elina Machefer (French Cybersecurity Agency (Agence nationale de la sécurité des systèmes d'information ANSSI)); Jeremy West (OECD)
16:25 - 16:45
Coffee Break
16:45 - 17:35
Session 2 – Open-source software and vulnerability treatment
When it comes to vulnerabilities, both proprietary and open-source software face the same reality: the more complex the code, the more vulnerabilities there are, and despite all efforts to secure the code by design, some vulnerabilities still remain, as explained in recent OECD work. The solution to software vulnerabilities is their detection and resolution, including through vulnerability treatment and co-ordinated vulnerability disclosure (CVD), a collaborative process involving all stakeholders, from security researchers (detection, disclosure) to software editors (vulnerability handling and resolution) and users (patching and vulnerability management). In 2022, the OECD recommended the adoption of public policies to encourage vulnerability treatment. This session will explore the specificities of OSS with respect to vulnerability treatment, and the unique characteristics of its ecosystem.
İsmail Erkek (Computer Emergency Response Team of the Republic of Türkiye (TR-CERT)); Kyoungae Kim (LG Electronics); Melanie Rieback (Radically Open Security); Harry Toor (The Linux Foundation); Taketo Yamada (Ministry of Economy Trade and Industry of Japan)
17:45 - 20:30
Reception hosted by MSIT and KISA
Welcome remarks from Sang-Joong Lee, President, KISA