Hi James,
Put in such a positive fashion, how could I disagree?! Here's the list
of victims so far. I think you'll find as many commercial people on
this list as academics:
1. Avi Rubin
2. Dan Geer
3. Marcus Ranum
4. Dana Epp
5. Ed Felten
6. Michael Howard
7. John Stewart
8. Brian Chess
9.
I'm sorry James, but I have to respectfully disagree about the vendor
thing. Perhaps the tools vendors target the information protection
people, but at Cigital we sell services to software execs (in huge
companies) who are way up the food chain.
Software security is small, and we need to
I just conducted a super-official study of what my peers are reading by walking
a total of five aisles within a very large building. Here is a list of
magazines on folks' desks:
- Infoworld
- Java Developers Journal
- Insurance Technology
- DMReview
- Intelligent Enterprise
- CIO
- Insurance
FYI. A while back I mentioned the Technology Managers Forum in which I am a
participant. The agenda is finalized and secure coding practices was the number
one topic: http://www.techforum.com/sf2007_1/index.html For product vendors and
consulting firms that want access to key decision makers,
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:
I just conducted a super-official study of what my peers are reading by
walking a total of five aisles within a very large building. Here is a
list of magazines on folks' desks:
- Infoworld
- Java Developers Journal
-
Last year's conference, MetriCon 1.0, featured a software security metrics
track (http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0),
including:
* A Metric for Evaluating Static Analysis Tools - Chess Tsipenyuk, Fortify
* An Attack Surface Metric - Manadhata Wing, Carnegie-Mellon
*
I've just caught up with 6 weeks of backlogged messages in this group,
and wanted to offer some thoughts on topics that have been hashed out,
but haven't seen these points made.
(1) SOX is a waste, as several people said, because it's just a way to
give auditors more ways to demand irrelevant