I had just a quick query for everyone out there, with an attached thought. How many security and/or secure coding professionals are prevalently involved with the SXSW conference this week? I know, I know... it's a big party for developers - particularly the Web 2.0 clique - but I'm just curious.
Here's why: I'm increasingly frustrated by the disconnect between business/dev and security. I don't feel like we're being largely successful in getting the business and developers to include security as part of their standard operating procedures. Developers are still oftentimes lazy and sloppy, creating XSS and CSRF and SQL injection holes. I then look at SXSW from afar and think: a) shouldn't I be there evangelizing security? and, b) shouldn't a major thread to all these conferences be about how security is integrating with dev processes and practices, making it better?

Maybe I'm just too idealist. I'm curious what everyone else thinks.

cheers,

-ben

--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/

"In answer to the question of why it happened, I offer the modest proposal that our Universe is simply one of those things which happen from time to time."
Edward P. Tryon

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________