Dear Ben, having just been at SXSW Interactive (I live in Austin, TX) I did not
see many discussions that pay attention to security, or any other software
engineering oriented concerns, explicitly.
There was a discussion of scalability for web services that featured the
developers from digg,

First, thanks for that Bill, it exemplifies my point perfectly. A couple
thoughts...
one, targeting designers is just as important as reaching out to the
developers themselves... if the designers can ensure that security
requirements are incorporated from the outset, then we receive an added

On Tue, Mar 11, 2008 at 6:43 AM, Benjamin Tomhave
[EMAIL PROTECTED] wrote:
I had just a quick query for everyone out there, with an attached thought.
How many security and/or secure coding professionals are prevalently
involved with the SXSW conference this week? I know, I know... it's a big

Ben,
Your point is a good one -- the software security community needs to
be vigilant in reaching out to developers and spreading the word.
FWIW, some dev conferences have done this. I spoke at SD West in
2006, and there was a significant security track there. Still, it'd
be great to

On Wed, Mar 12, 2008 at 4:30 PM, Gary McGraw [EMAIL PROTECTED] wrote:
Hey andy,
You mean AJAX one? Last time I went there was zero interest and even less
clue about security among attendees. The only shining light was a long
conversation I had with bill joy about security critical

I agree.
Reaching the development community, that's precisely what we are
trying to do at secappdev. Thanks for helping with that too, Ken.
I have also taken some security-related sessions to conferences such
as XP Days Benelux, XP Days France and SPA. Appearing soon at ACCU.
I would love to hear

my responses inline
On Wed, Mar 12, 2008 at 6:08 PM, Benjamin Tomhave
[EMAIL PROTECTED] wrote:
I think you misunderstood my points a little bit. SXSW was just a
current conference example. As Gary's pointed out, there are many
conferences. It's possible SXSW wasn't a good example, but it was

I agree this is a big issue, there is no cotton picking way that the
security people are solving these problems, it has to come from the
developers. I put together a track for QCon which included Brian Chess
on Static Analysis, John Steven on Threat Modeling, and Jeff Williams on
ESAPI and Web

So two thoughts Ben, purely my 0.02 USD:
1. This is largely the wrong crowd. Designers of small web2.0 stuffs,
particularly the domain of widgets and WS interfaces for all the usual
suspect platforms (flickr, facebook etc.) as well as most startups:
They just don't care.
They will never care.

Hi again,
I rebooted the security track completely at SD West in 2003 (thanks to tami who
I cc'ed here). I'm on the advisory board.
We're slowly inching our way toward SDL/touchpoints/CLASP stuffs at SD West,
though when I tried to cover the touchpoints and enterprise security in 2006,