Invited Talk: Information assurance considerations for software supply chains and 3rd parties

The notion of having 3rd party software and 3rd party assessors of that software is not novel. What is becoming more main-stream is the desire for a large quantity of current and future mobile app software to be malware-free. The question then becomes how likely is it that malware can be detected by 3rd party groups or individuals. This talk will discuss at a high level one approach to the problem based on a real military smartphone project for DARPA, and then we conclude if time permits to discuss malware genealogy and composability / interoperability issues that are core to the cyber security dilemma we face. A few other topics that might be addressed in the Q&A portion of the talk include 2 of the 13 grand challenges in software engineering research and practice.