I'm not sure if the post made the list, but I outlined what I believe is a huge difference between government and beltway contractors, and the private sector.
DoD (and most gov/gov-contractor corps) fall squarely into the "assurance" camps. Private sector is heavily into "mitigation" and "response".

I get a completely different feel, due to entirely different organizational/business realities, from software startups and silicon valley in general.

That's great that you see this, though. Good news.

-ae

On Fri, Mar 14, 2008 at 7:06 AM, Mike Lyman <[EMAIL PROTECTED]> wrote:
> Arian J. Evans wrote:
> > Overall security is not a feature or a function that you can monetarize.
> > It's not even cool or sexy. It's an emergent behavior that is only
> > observed when it is making your software harder to use.
> >
>
> Maybe it is just the US Department of Defense environment where I am
> currently working but I see developers start to see this as cool and
> sexy. Most are picking it up quickly and a few are even interested in
> diving in deep into the security world. They ask great questions and are
> doing a lot of independent research on it. We are in an environment
> where they get security awareness training a few times a year and are
> constantly bombarded with security messages but some of them really are
> getting into it. It gives them something new to learn and it is driving
> them to go deeper into some development subjects that they normally
> would not ever be allowed to look at due to delivery schedules. Security
> is giving them a good excuse to go learn more.
> --
>
> Mike Lyman
> [EMAIL PROTECTED]
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>

--
Arian Evans
software security stuff