There are these: ISC(2) Secure Software Conference Series - https://www.isc2.org/PressReleaseDetails.aspx?id=650
ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/ SecSE - http://www.sintef.org/secse SSIRI - http://paris.utdallas.edu/ssiri11/ But your point is taken. Most of the conferences in this domain appear to be outside the U.S. I'm not sure what THAT says about U.S. attitudes about software assurance (though I have my suspicions). More important is the question of who actually attends these conferences. I'm in the process of updating some research on how and where software security assurance is being taught by colleges and universities, and what I'm finding is that the topic has been pretty much marginalised into an aspect of information assurance - i.e., it's being taught mostly to postgraduates who are majoring in IA and related disciplines - rather than an aspect of software development. There are exceptions, of course - but by and large that seems to be the trend. And I think the same is true of the conferences. It's the security wonks who care about software assurance much more than the actual software developers. Take a look at: http://zastita.com/index.php?det=64494 === Karen Mercedes Goertzel, CISSP Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com Sorry, you have reached an imaginary number. If you require a real number, please rotate your phone by ninety degrees and try again. ________________________________________ From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] on behalf of Steven M. Christey [co...@linus.mitre.org] Sent: 31 August 2011 16:45 To: Sergio 'shadown' Alvarez Cc: Adam Shostack; Secure Code Mailing List Subject: Re: [SC-L] informIT: Building versus Breaking While I'd like to see Black Hat add some more defensive-minded tracks, I just realized that this desire might a symptom of a larger problem: there aren't really any large-scale conferences dedicated to defense / software assurance. (The OWASP conferences are heavily web-focused; Dept. of Homeland Security has its software assurance forum and working groups, but those are relatively small.) If somebody built it, would anybody come? - Steve _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
