[SC-L] HP Protect Keynote (next week 9.17.13)
hi sc-l,

This year's keynote talk at HP Protect will be all about software security. How do I know? Well, I'm giving the talk. You can register here if you want to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/

The Discover Performance magazine featured an article about software security as one part of the run up to the HP Protect Conference. You can read that here: http://bit.ly/153CFDB http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html

It's great news for the field that we're being asked to talk about software security at a major conference as the keynote. I hope to see some of you there.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
twitter @cigitalgem

p.s. Long URL for Kevin http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___
Re: [SC-L] HP Protect Keynote (next week 9.17.13)
I'll be there and am looking forward to seeing it.

Can you cover the need to:

a) 'talk' to developers using UnitTests,
b) stop giving developers PDFs/badometers,
c) create security Labels for APIs/Apps and
d) use open source tools like the O2 Platform (and ThreadFix) to integrate+glue the application security knowledge created by tools and humans :)

For the record I'm gutted that HP can't organise a 'Conference Band' like the 'Owasp band' so that we can do our yearly rendition of the 'SQL Injection Blues' :)

Dinis
Re: [SC-L] HP Protect Keynote (next week 9.17.13)
hi dinis,

I will be covering the basics for sure. I agree with all of your points below. The trickiest one you bring up is security labels, which, though it may be a good idea, is a political swamp.

I am up for an HP Protect band, but I am pretty sure such an idea has never crossed the corporate HP mind!

See you in DC.

gem