Hi James, Put in such a positive fashion, how could I disagree?! Here's the list of victims so far. I think you'll find as many commercial people on this list as academics: 1. Avi Rubin 2. Dan Geer 3. Marcus Ranum 4. Dana Epp 5. Ed Felten 6. Michael Howard 7. John Stewart 8. Brian Chess 9.
I'm sorry James, but I have to respectfully disagree about the vendor thing. Perhaps the tools vendors target the information protection people, but at Cigital we sell services to software execs (in huge companies) who are way up the food chain. Software security is small, and we need to
I just conducted a super-official study of what my peers are reading by walking a total of five aisles within a very large building. Here is a list of magazines on folks' desks: - Infoworld - Java Developers Journal - Insurance Technology - DMReview - Intelligent Enterprise - CIO - Insurance
FYI. A while back I mentioned the Technology Managers Forum in which I am a participant. The agenda is finalized and secure coding practices was the number one topic: http://www.techforum.com/sf2007_1/index.html For product vendors and consulting firms that want access to key decision makers,
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED]] writes: I just conducted a super-official study of what my peers are reading by walking a total of five aisles within a very large building. Here is a list of magazines on folks' desks: - Infoworld - Java Developers Journal -
Last year's conference, MetriCon 1.0, featured a software security metrics track (http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0), including: * A Metric for Evaluating Static Analysis Tools - Chess Tsipenyuk, Fortify * An Attack Surface Metric - Manadhata Wing, Carnegie-Mellon *
I've just caught up with 6 weeks of backlogged messages in this group, and wanted to offer some thoughts on topics that have been hashed out, but haven't seen these points made. (1) SOX is a waste, as several people said, because it's just a way to give auditors more ways to demand irrelevant