Integrating security activities into the software development lifecycle is going to be a major theme at OWASP AppSec 2004 (June 19/20 in NYC). The talks will cover a broad range of topics that web application and web service developers must address, including metrics, training, standards, and best practices. Almost every talk includes a process angle.
You can find out more and check out the agenda at http://www.owasp.org. There are still a few seats left. I hope you can join us. --Jeff Jeff Williams Aspect Security, Inc. http://www.aspectsecurity.com ----- Original Message ----- From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 08, 2004 12:05 PM Subject: [SC-L] Interesting article on the adoption of Software Security > There's an interesting article out on Net-Security.org (see the full article > at http://www.net-security.org/article.php?id=697) that addresses why > software development organizations adopt (or do not adopt) a Software > Security development methodology. Check it out -- it's a good read, IMHO. > > Among other things, it says, "...effective secure development will only become > more widespread when organisations receive better education. To achieve this > security consultancies need to adopt an active campaign and the media need to > provide coverage." > > Cheers, > > Ken van Wyk > -- > KRvW Associates, LLC > http://www.KRvW.com