coding.org
Subject: RE: [SC-L] Software Security Training for Developers
One of the things that is somewhat frustrating as a customer to training and
software vendors are statements such as "some general policy and guidelines"
without any pointers to what they should specifically cont
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nish Bhalla
Sent: Thursday, August 16, 2007 11:21 PM
To: 'McCown, Christian M'
Cc: sc-l@securecoding.org
Subject: Re: [SC-L] Software Security Training for Developers
Hi Chris,
We at Security Compass have been doing
My general observation of training firms in this area is that they all
tend to use freelance trainers who float between the firms. The notion
of customized courseware is something they sell as a feature but
honestly feels more like a way to avoid actually developing consistent
training approaches w
IO.
--Sammy.
-Original Message-
From: Hollis via Rubicon Recluse [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 2:09 PM
To: Johan Peeters
Cc: Sammy Migues; sc-l@securecoding.org
Subject: Re: [SC-L] Software Security Training for Developers
Hi Sammie and Yo,
Tkx for the good highlev
On 8/20/07, Hollis via Rubicon Recluse <[EMAIL PROTECTED]> wrote:
> Hi Sammie and Yo,
>
> Tkx for the good highlevel insights. A few
> questions, I'm interested specifically for
> developer/designers, but I'm sure others are interested in other audiences:
>
> - What languages/OS/environments are yo
>From my experience with secappdev.org (http://secappdev.org), a
not-for-profit organization set up to create security awareness and
improve skills in the developer community, I find myself in agreement
with many of the points that Sammy raises.
Development is not only about coding. secappdev tends
Hi Chris,
My experience is that, like most engineers, most software developers want to
improve their skills and that, as a group, they hate making easily-avoidable
mistakes of any sort. Training that focuses on reinforcing their existing
skills in design and development and then works methodica
Hi Chris,
We at Security Compass have been doing that for developers for about 2 years
now. We have done this type of training and also the training from the pen
tester angle.
Some of the things that we have seem make this training much more effective
are
[] If the direction for the tr