High Integrity Software: How to balance the competing forces of risk and reward
Panel of Industry Experts
Rob Ashmore, UK MOD | Lucia Capogna, Cyber Security & Software Assurance Lead, SYSTRA | David Chisnall, SCI Semiconductor | Professor John Goodacre, UKRI
In the world of high integrity software engineering, where safety and security are paramount, risk and vulnerability assessments are important everyday tools. But “risk” isn’t just a technical term — it’s a multi-faceted concept that touches on business viability, commercial competitiveness, sociological impacts, and national security. How can your business stay profitable while remaining agile enough to keep up with rapid technological advancements? How can governments remain nimble in the face of emerging threats? Standards act as crucial guardrails for developing critical systems, but in our fast-evolving landscape, is a step-by-step approach to their evolution enough? Or do we need a more radical overhaul?
Join our panel of industry experts as they dive into the intricate dance of balancing risk and reward. We’ll answer these big questions and more as we explore who should ultimately make the call on our collective risk appetite and how we can navigate these competing forces to forge a safer, more secure future.
About Panel of Industry Experts
Rob Ashmore is the UK Ministry of Defence's "Chief Technologist - Software" for the Future Combat Air System (FCAS), a key component of which is the Global Combat Air Programme (GCAP). He is also a Dstl Fellow for "Critical Software", in the Cyber Security and Safety group at the UK Defence Science and Technology Laboratory (Dstl), which is part of the UK Ministry of Defence. Rob has over 30 years' experience, covering all aspects of the software lifecycle in a defence and security context, including writing and supporting operational software, and the certification of safety-critical software. Rob is a Chartered Scientist, a Chartered Mathematician and a Fellow of the Institute of Mathematics and its Applications.
Lucia Capogna is the Cyber Security and Software Assurance Technical Lead and Team Leader at SYSTRA UK and Ireland, with over 17 years of experience in software and cyber security across several industries. Lucia is a Computer Science Engineer and System Engineer with experience in Software, Cybersecurity, Configuration Management, Requirements Management, Verification and Validation, and Project Management, with a background in multiple industries including Railway, Defence, Oil & Gas and Renewable Energy. Lucia represents the UK in several CENELEC and IEC standardisation groups, such as WG28 for the EN 50128 and the new cross sector Software Standard (EN 50716:2023), WG26 for the TS 50701 Cybersecurity Technical Specification, the new pr IEC 63452 international standard for cybersecurity in rail applications and WG15 for the EN 50129.
David Chisnall's background spans compilers, operating systems, security, and computer architecture. He has written three books about programming and one about the internals of the Xen Hypervisor, has been an LLVM committer since 2008, and served two terms on the FreeBSD Core Team. He joined the CHERI project at the University of Cambridge in 2012 to lead the languages / compilers strand of the work. He moved to Microsoft in 2018, where he led the CHERIoT project, scaling CHERI ideas down to tiny microcontrollers. He is now responsible for evolving the CHERIoT Platform at SCI Semiconductor, a startup that aims to ship the first commercial CHERI silicon in 2024.
John Goodacre is Professor of Computer Architectures at the Department of Computer Science, The University of Manchester in the UK, having previously spent 17 years with Arm Ltd as the Director of Technology and Systems, where he defined and introduced the first multicore processors and other widely deployed technologies. He is also appointed by the UK government's Research & Innovation agency as the Director of Digital Security by Design, a £200M programme to enable industry and researchers to create a step change in approach to cybersecurity, blocking vulnerabilities by design and protecting the operation and data by default. His research interests include new processing paradigms, web-scale servers, exascale efficient systems and secure and ubiquitous computing.