hi dinis, I will be covering the basics for sure. I agree with all of your points below.
The trickiest one you bring up is security labels which though it may be a good idea is a political swamp. I am up for an HP Protect band, but I am pretty sure such an idea has never crossed the corporate HP mind! See you in DC. gem From: Dinis Cruz <dinis.c...@owasp.org<mailto:dinis.c...@owasp.org>> Date: Sunday, September 15, 2013 5:54 AM To: gem <g...@cigital.com<mailto:g...@cigital.com>> Cc: Casey Callaway <ccalla...@cigital.com<mailto:ccalla...@cigital.com>>, Secure Code Mailing List <SC-L@securecoding.org<mailto:SC-L@securecoding.org>> Subject: Re: [SC-L] HP Protect Keynote (next week 9.17.13) I'll be there and am looking forward to seeing it Can you cover the need to: a) 'talk' to developers using UnitTests, b) stop giving developers PDFs/badometers , c) create security Labels for APIs/Apps and d) use open source tools like the O2 Platform (and ThreadFix) to integrate+glue the application security knowledge created by tools and humans :) For the record I'm gutted that HP can't organise an 'Conference Band' like the 'Owasp band' so that we can do our yearly rendition of the 'SQL Injection Blues' :) Dinis On 15 Sep 2013 09:39, "Gary McGraw" <g...@cigital.com<mailto:g...@cigital.com>> wrote: hi sc-l, This year's keynote talk at HP Protect will be all about software security. How do I know? Well, I'm giving the talk. You can register here if you want to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/ The Discover Performance magazine featured an article about software security as one part of the run up to the HP Protect Conference. You can read that here: http://bit.ly/153CFDB<http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html> It's great news for the field that we're being asked to talk about software security at a major conference as the keynote. I hope to see some of you there. gem company www.cigital.com<http://www.cigital.com> podcast www.cigital.com/silverbullet<http://www.cigital.com/silverbullet> blog www.cigital.com/justiceleague<http://www.cigital.com/justiceleague> book www.swsec.com<http://www.swsec.com> twitter @cigitalgem p.s. Long URL for Kevin http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org<mailto:SC-L@securecoding.org> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
