On Wed, Mar 12, 2008 at 4:30 PM, Gary McGraw <[EMAIL PROTECTED]> wrote:
> Hey andy,
>  You mean AJAX one?   Last time I went there was zero interest and even less 
> clue about security among attendees.  The only shining light was a long 
> conversation I had with bill joy about security critical decisions those guys 
> screwed up with Java (especially with regards to closure).

>  A decade of evangelism only goes so far!   Do help!

Fair enough :)  I was looking at the program for the just finished SD
West and the security track actually looks to have been pretty good.
I think one thing we're missing from there is more emphasis on actual
SDL process, rather than focus on individual items within it.
Activities like how to form a steering group within a company, how to
bootstrap some of the practices, etc.

Do folks here have suggestions of conferences we ought to be targeting
with these sorts of presentations, papers, etc?  JavaOne seems like it
might have been a good place to target.  There are some smaller
developer conferences out there, some general security conferences,
and there has been discussion here and within OWASP as well of how we
can start better targeting these forums for our evangelizing...


Andy Steingruebl
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to