hi sc-l,

Happy Halloween everybody.

Sammy Migues and I just published an article on Software Security Training in informIT based on a decade of experience delivering software security training:
http://www.informit.com/articles/article.aspx?p=1767770

The article includes some analysis of both data from the BSIMM study and information from Cigital's Training practice. FWIW, we estimate we have trained 14,000 developers using instructor-led training. Our computer-based training (CBT) is deployed to 105,000 students. Plenty of real-world data.

Training is an essential part of any software security initiative. As we refocus our efforts in software security to be more about fixing software security problems and less about simply finding problems in software, training will play an even bigger role.

What are the rest of you seeing out there on the training front?

gem

p.s. Thanks to Mike Pittenger for his help with the article.

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________