Damien Cupif

National Institute of Standards and Technology, Gaithersburg, MD

Journal Articles

Improving Software Assurance through Static Analysis Tool Expositions

The National Institute of Standards and Technology Software Assurance Metrics and Tool Evaluation team conducts research in static analysis tools that find security-relevant weaknesses in source code. This article discusses our experiences with Static Analysis Tool Expositions (SATEs) and how…
View Article

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Report - JFAC/DAU/CSIAC Cyber Experiment (CYBEX)

This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX). In addition to evaluating newly developed SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental SwA issues as well as adopting common language in the areas of functionality and risk in order to identify issues early.

Read the Report

CSIAC Report - Emerging Developments in Cyberlaw: 2019

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of emerging developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from cloud providers, and cyber insurance.

View the Slides