On Wed, Mar 12, 2008 at 3:05 PM, Andy Steingruebl <[EMAIL PROTECTED]> wrote:

>  On a related note a quick perusal of the JavaOne conference tracks
>  doesn't show a lot of content in this area either.  Is this due to a
>  lack of interest, or people in the security world not pitching talks
>  to the development conference organizer?


Java is a tricky one. There were security sessions early on in
Java conferences, but they were about the stuff no one on the
planet actually does -- e.g. container security, code signing,
and JVM/applet permissions.

I think that turned a lot of devs off of security in Java-land.

In related news we're building J2EE courseware in a "by developers,
for developers" fashion and Anurag will be releasing some APIs
for java developers to actually do things like output encoding,
where Java/J2EE is about 4 years behind the rest of the world.

I imaged later this year or next year you'll see a few of us focusing
on developer (versus security) conferences, though I don't think
this changes the business problem/reality at all.

Arian Evans
software security stuff
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to