OWASP AppSec USA 2017


Save the Date!


Venue: Disney’s Coronado Springs Resort in Orlando, Florida


Call for Papers: Open ’til April 30, 2017. More information.


Event Site: https://2017.appsecusa.org/


Registration: CISQ members save $50 off the registration fee! Apply the code CISQ201750.


OWASP AppSec conferences are the premier gathering for software security leaders and researchers. They bring together the application security community to share cutting-edge ideas, initiatives and technological advancements.














OWASP AppSec Europe 2017


Venue: Waterfront Conference Center in Belfast, UK


Training: 8th, 9th & 10th of May 2017
Conference: 11th & 12th of May 2017
Conference dinner: 11th of May 2017


CISQ members save $50 off the registration fee! Apply the code CISQ201750.


The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences.


During the pre-conference (Monday 8th – Wednesday 10th May 2017) there is the opportunity to attend one of the many training courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. More details on pre-conference activities can be found here.


The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs. More information on the activities in the main conference can be found here.


What happens at an AppSec Europe Conference?

  • Technical talks by experts in security, devops and cloud
  • Panels to debate tough topics
  • Training sessions for hands on learning in top security areas
  • Keynotes from industry leaders
  • Vendor booths to promote the latest advances in security technology
  • A variety of other activities such as recruiting fair, capture the flag, security tool training, and more





Join TechWell at STAREAST software testing conference from May 7–12 at the Rosen Centre Hotel in Orlando, FL. The conference helps you learn both classical testing practices and new methodologies to grow your skills, supercharge your knowledge, and re-energize your view of your profession.


Register using CISQ’s exclusive promo code — SECM — and save up to $200 off your registration! Additionally, if you register by April 7, you will save up to an additional $200 off with super early bird pricing — a combined savings of up to $400.*


Not ready to register yet? Explore the full program and discover what the conference has in store. Build your full week of learning and benefit from comprehensive tutorials, exceptional concurrent sessions, inspiring keynotes, networking activities, pre-conference training classes, the Expo, and much more.












Speakers from DOD, DHS, U.S. Marines and Other Federal Agencies Confirmed to Present at DC Cyber Resilience Summit in March

Summit Theme is Securing Systems inside the Perimeter


Needham, MA – February 27, 2017 – The Consortium for IT Software Quality™ (CISQ™), an IT industry leadership group that submits standards for measuring software quality and size, today announced its return to Washington, D.C. as host of its sixth Cyber Resilience Summit, which will take place on Tuesday, March 21, 2017 from 8:00 a.m. to 12:30 p.m. at the Hyatt Reston Town Center in Reston, Virginia. The Summit will bring federal government agencies, industry leaders and security experts together to cover critical software security and cyber resilience issues. Registration is open to the public and costs $95 USD. Government admission is complimentary using the code CSQVA27. Media should use the code TCVAP17 for complimentary registration.


CISQ is hosting this event in cooperation with the Object Management Group® and the IT Acquisition Advisory Council.


“The theme of this spring’s event is Securing Systems inside the Perimeter because securing the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network,” said event host Dr. Bill Curtis, CISQ Executive Director. Dr. Curtis will demonstrate the role that cyber resilience standards play in reducing risk and how they can help meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems.


“With the new Trump administration pressing to secure and modernize legacy systems, this is the seminal event to learn how,” said John Weiler, program chair from the IT Acquisition Advisory Council.


Dr. Dale Meyerrose, Major General, U.S. Air Force retired, will deliver the keynote “Software Defined Everything.” Dr. Meyerrose is the first presidentially appointed, Senate-confirmed chief information officer and information sharing executive for the U.S. intelligence community.


Making its third appearance at the Summit is the Titans of Cyber panel, featuring the following experts who will share their front-line experiences and insights managing cyber risk:

  • Don Davidson, Chief, Lifecycle Risk Management & Cybersecurity/Acquisition, U.S. Department of Defense (moderator)
  • Sonny Bhagowalia, CIO, U.S. Department of the Treasury
  • Dr. Ray Letteer, Chief, Cyber Security Division, U.S. Marine Corps
  • Dr. Ron Ross, Fellow, National Institute of Standards and Technology (NIST)
  • Rod Turk, Acting CIO, U.S. Department of Commerce
  • Danny Toler, Deputy Assistant Secretary, CS&C, NPPD, U.S. Department of Homeland Security

Other presentations on the agenda include: “Cyber Policy panel: Review the Presidential Executive Order for Cyber Security and IT Modernization Act”, “Use Case: Putting CISQ Standards into Action at Agile Speed” and “The Value of Security Benchmarks and Controls.”


To view the complete Cyber Resilience Summit agenda and to register, please visit http://it-cisq.org/cyber-resilience-summit-2017/.


The Cyber Resilience Summit is a special event, co-located during the OMG® Technical Meeting from March 20-24, 2017 in Reston, Virginia. Attendees who register for the full Technical Meeting week do not have to pay the additional fee to attend the Summit.



About CISQ
The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reduce cost and risk. CISQ is sponsored by Booz Allen Hamilton, CAST, Cognizant, Huawei and Synopsys. For more information, visit www.it-cisq.org.



Ann McDonough
+1 781-444-0404



Note to editors: For a listing of all OMG trademarks, visit http://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.

Software Risk & Innovation Summit 2017



3:30pm: Check in and Opening Reception

4:00pm: Opening Remarks

4:15pm: DevOps and Digital Transformation Panel

5:15pm: Future of Innovation in IT Panel

6:00pm: Keynote Address

6:30pm: Networking Reception



Andaz Wall Street

75 Wall Street

New York, NY 10005


Registration: CISQ members receive a complimentary pass. Space is limited. Visit http://www.softwarerisksummit.com/nyc-2017


HBR shows that digital leaders outperform peers because they quickly recognize and scale innovation across their business. However, most IT leaders struggle with transformation as they are unable to see obstacles, preventing innovation and time-to-market improvement.


The 2017 Software Risk and Innovation Summit assembles executives that master digital transformation by identifying innovative practices, minimizing business risks and delivering measurable value. The Summit offers practical insights from Digital Leaders on building trust, managing risk and driving innovation.


The moderator is Michael Krigsman, an internationally recognized analyst, strategy advisor, enterprise advocate and blogger. He founded the influential web-based video show, CxOTalk, which brings together the top CIOs, CMOs and Chief Digital Officers in the world for insightful conversation. For CIOs and IT leadership, Michael specializes in topics such as innovation, business transformation, project-related business objectives and strategy and vendor planning.


Keynote speaker is Anurag Harsh, Founding Executive, Ziff Davis. Voted LinkedIn’s #1 Global Thought Leader in Technology (Top Voices 2016), Anurag Harsh joined Ziff Davis as its first and founding executive 7 years ago when it was a small private publisher with 50 employees and helped turn it into the world’s #1 publicly traded digital media company in tech, health, gaming and entertainment, with 1400+ employees, reaching 150MM+ consumers worldwide, 33% of the US Internet and a stock (NASDAQ: JCOM) with a $4B+ market cap that has grown 170%+ over 5 years.


Industry panel discussions will focus on:

  • DevOps and Digital Transformation: Panelists examine how to accelerate DevOps transformation in fast-paced B2B and highly regulated environments.
  • Future of Innovation in IT: Panelists discuss trends in technology, business and policy and how they are changing IT strategy, thinking and skills.










Survey on Time-to-Fix Technical Debt

CISQ is working on a standard measure of Technical Debt. Technical debt is a measure of software cost, effort, and risk due to defects remaining in code at release. Like financial debt, technical debt incurs interest over time in the form of extra effort and cost to maintain the software. Technical debt also represents the level of risk to which the business is exposed due to the increased cost of ownership.


Completing the measure requires estimates of the time required to fix software weaknesses included in the definition of Technical Debt.


Please take our Technical Debt Survey


The survey is a PDF form that is posted to the CISQ website. To take the survey:

  • Download the PDF form
  • Fill in your responses
  • Press the “send survey” button on the last page of the survey
  • Alternatively, you can save the PDF file to your desktop and email it directly to: coordinator@it-cisq.org


As a “thank you” for your time, we are giving away $20 Amazon Gift cards to the first 50 respondents.


To download the survey (PDF): http://it-cisq.org/technical-debt-remediation-survey/


Thank you for contributing to this initiative.


For any questions:


Tracie Berardi
Program Manager
Consortium for IT Software Quality (CISQ)
781-444-1132 x149



Gartner Program & Portfolio Management Summit 2017



Advance the new program and portfolio management culture and your personal program and portfolio management leadership to drive innovation at the speed of business.


To succeed in the digital age, program and portfolio management must move past the traditional confines of “technical PM” to deliver new high levels of enterprise agility and business value.


Expand your role as an influencer and trusted agent of change. Explore how to proactively support the delivery of strategic business outcomes, as well as accelerate enterprise transformation through positive disruption at Gartner Program & Portfolio Management Summit 2017, June 5 – 7, in Orlando, FL.


CISQ members save $325 off the standard registration rate with code GARTCISQ.
Click here to view the agenda and register


How the PMO can make the best of shadow IT


Gartner predicts that through 2017, 38% of technology purchases will be managed, defined and controlled by business leaders.







AFCEA Washington, DC IoT Technology Summit



Tuesday, May 9, 2017

7:00 AM–12:30 PM

The National Press Club

1300 Pennsylvania Ave., NW

Washington, DC 20004


AFCEA Washington, DC invites you to attend the 2nd Annual Internet of Things Tech Summit on May 9, 2017. This event will feature keynotes from government leaders, government-led discussion panels, and an emerging mobile technologies expo.


Vinton G. Cerf, Vice President and Chief Internet Evangelist, Google delivers the opening keynote.


The event will feature IoT challenges and solutions within:

  • Standards / Interoperability
  • Security
  • Building an IoT Solution – Sensor, Network, Cloud, Application
  • Use Cases / Deployments


CISQ is a proud supporter of the AFCEA Washington, DC chapter.


View the agenda


Click here for registration











AFCEA Washington, DC Mobile Technology Summit



Wednesday, March 1, 2017

7:15 AM–5:15 PM

Ronald Reagan Building and International Trade Center

1300 Pennsylvania Ave., NW

Washington, DC 20004


AFCEA Washington, DC invites you to attend the 6th Annual Mobile Tech Summit on March 1, 2017. This event will feature keynotes from government leaders, government-led discussion panels, and an emerging mobile technologies expo.


The program explores mobile solutions from industry and government and focuses on solutions that solve real-world, tactical and in-garrison challenges. The summit continues the dialog between government and industry and addresses how government can capitalize on commercial innovation. The program also includes industry’s response to the DOD CIO, other civilian agency and military services organization plans.


The event features tactical mobility challenges and solutions within:

  • Emerging Technologies
  • Application Ecosystems
  • Sensors
  • Internet of Things
  • Tactical Cloud
  • Security


View the agenda


Click here for registration







MTD 2017: The Ninth International Workshop on Managing Technical Debt

The Ninth International Workshop on Managing Technical Debt will be held in conjunction with XP 2017 in Cologne, Germany, on May 22, 2017.


Visit the SEI’s website: http://www.sei.cmu.edu/community/td2017/


Technical debt is a metaphor that software developers and managers increasingly use to communicate key tradeoffs related to release and quality issues. The Managing Technical Debt workshop series has, since 2010, brought together practitioners and researchers to discuss and define issues related to technical debt and how they can be studied.

Workshop participants reiterate the usefulness of the concept each year, share emerging practices used in software development organizations, and emphasize the need for more research and better means for sharing emerging practices and results.


Call for Papers


Big design upfront has widely been replaced by iterative and agile development approaches. In some agile environments, the architecture is even something that is meant to emerge in the course of the project through continuously revisiting and refactoring the product code. Projects have shown that both approaches lead to insufficiencies in design or implementation over the long term, known as technical debt, which is a metaphor used to communicate key tradeoffs related to release and quality issues.


The Ninth Workshop on Managing Technical Debt will bring together leading software researchers and practitioners, especially from the area of iterative and agile software development, for the purpose of exploring theoretical and practical techniques that quantify technical debt.


Questions of interest for the workshop include but are not limited to the following:

  • What are root causes for technical debt outside of the code, and how do we evaluate them?
  • What is the impact of agile and iterative software development approaches on technical debt?
  • Are agile techniques and their iterative development potential root causes for the introduction of technical debt?
  • Does strategic use of technical debt provide insight into the balance between upfront and emergent design and architecture in an agile environment?
  • Can encouraged deprecation mechanisms, versioning, and architectural approaches like microservices help avoid technical debt by simply disposing of code?

The Managing Technical Debt workshop series has provided a forum since 2010 for practitioners and researchers to discuss issues related to technical debt, share emerging practices used in software development organizations, and emphasize the need for more research and better means for sharing emerging results. Consensus from our community indicates a need to focus on quantification approaches as well as qualification and measurement of technical debt on higher levels of design and architecture. Contributions from the area of agile and incremental development and their impact on technical debt are of special interest.


The following topics are aligned with the theme:

  • techniques and tools for managing technical debt in agile and DevOps environments
  • techniques and tools for calculating technical debt principal and interest
  • technical debt in code, design, architecture, and development and delivery infrastructure
  • measurements and metrics for technical debt
  • analyzing technical debt
  • visualizing technical debt
  • empirical studies on technical debt evaluations
  • relationship of technical debt to software evolution, maintenance, and aging
  • economic models for describing technical debt
  • technical debt and software life-cycle management
  • technical debt within the software ecosystem
  • technical debt in software models
  • concrete practices and tools used to measure and control technical debt

The SEI invites submissions of papers in any areas related to the themes and goals of the workshop in the following categories:

  • Research Papers: describing innovative and significant original research in the field (up to 8 pages)
  • Industrial Papers: describing industrial experience, case studies, challenges, problems, and solutions (up to 8 pages)
  • Position and Future Trend Papers: describing ongoing research, new results, and future trends (up to 4 pages)

Submissions should be original and unpublished work. Each submitted paper will undergo a rigorous review process by three members of the program committee. Submissions must be submitted online via EasyChair (https://easychair.org/conferences/?conf=mtd2017) and conform to ACM’s general guidelines for academic publishing (http://www.acm.org/publications/proceedings-template). Accepted papers will be presented at the workshop and published in the XP 2017 post-conference proceedings.



Paper submissions: March 3, 2017

Notification of acceptance: March 24, 2017

Camera-ready copy: tbd

Workshop: May 22, 2017