QA Financial Forum Reviews the Impact of New Regulations on Software Risk Management

As banks, financial services and insurance organizations increase their reliance on software-based digital capabilities, they have big decisions to make on how they will protect business operations with effective software risk management.

This is the focus of a panel discussion at the QA Financial Forum, a leading event for professionals working in quality assurance and testing for software at financial services companies. With presentations from leading firms including Goldman Sachs, JP Morgan, Morgan Stanley, Deutsche Bank, USAA, New York Life and many others, the single-day conference on November 29 features in-depth coverage of technologies that help CIOs manage software risk.

The conference is hosted by QA Financial, an independent news outlet, which covers the quality assurance, testing, and IT risk management of software and technology used by IT practitioners at financial organizations, all of whom search continually for new ways to guarantee the sustainability of their software systems. The QA practice has been challenged in recent years by automation, enterprise Agile reorganizations and the difficulty of achieving QA objectives in mobile and Cloud environments.

A chief concern driving this year’s event agenda is the impact of new regulations on development and QA processes.

This environment commonly causes global companies to outsource more application development, and componentize development processes to more easily tackle secure and compliant software engineering. However, as software becomes more componentized, it is increasingly difficult to test the software end-to-end.

Compounding these challenges, SOX requires organizations to understand the end-to-end impact of the software they use, so releasing software in components is quite a risky process.

The panel discussion will specifically address how IT leaders in financial organizations can reduce the risk of software outsourcing and open source strategies. Among other topics, the panel will discuss:

  • Best practices for embedding compliance requirements and third-party risk control into sourcing arrangements
  • The role of a vendor risk manager and other stakeholders in managing supply chain risk
  • How to benchmark and measure code quality, security and risk
  • New models for managing off-shoring

Supporting this need to de-risk the software supply chain, a former CIO of Fannie Mae was recently quoted in the Wall Street Journal…

“Organizations today use a workforce constituted of not only employees but contractors, service providers and consultants and delivery partners that augment their own workforce. These partners have to deliver pieces and parts according to our guidelines for quality and security, and we want to make sure our resources are working hand in hand with their resources. We have tools to measure how well we are doing this and we have made it a requirement that software has to go through those screens before we go into production.”

For more information about the event, visit the QA Financial Forum event page.

Lev Lesokhin EVP, Strategy and Analytics at CAST
Lev spends his time investigating and communicating ways that software analysis and measurement can improve the lives of apps dev professionals. He is always ready to listen to customer feedback and to hear from IT practitioners about their software development and management challenges. Lev helps set market & product strategy for CAST and occasionally writes about his perspective on business technology in this blog and other media.