Re: [SC-L] Software Security Training for Developers

2007-08-28 Thread Nish Bhalla
One of the things that is somewhat frustrating as a customer to training and software vendors are statements such as "some general policy and guidelines" without any pointers to what they should specifically cont

Re: [SC-L] Software Security Training for Developers

2007-08-28 Thread McGovern, James F (HTSC, IT)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nish Bhalla Sent: Thursday, August 16, 2007 11:21 PM To: 'McCown, Christian M' Cc: sc-l@securecoding.org Subject: Re: [SC-L] Software Security Training for Developers Hi Chris, We at Security Compass have been doing

Re: [SC-L] Software Security Training for Developers

2007-08-28 Thread McGovern, James F (HTSC, IT)
My general observation of training firms in this area is that they all tend to use freelance trainers who float between the firms. The notion of customized courseware is something they sell as a feature but honestly feels more like a way to avoid actually developing consistent training approaches w

Re: [SC-L] Software Security Training for Developers

2007-08-21 Thread Sammy Migues
IO. --Sammy. -Original Message- From: Hollis via Rubicon Recluse [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 2:09 PM To: Johan Peeters Cc: Sammy Migues; sc-l@securecoding.org Subject: Re: [SC-L] Software Security Training for Developers Hi Sammie and Yo, Tkx for the good highlev

Re: [SC-L] Software Security Training for Developers

2007-08-20 Thread Johan Peeters
On 8/20/07, Hollis via Rubicon Recluse <[EMAIL PROTECTED]> wrote: > Hi Sammie and Yo, > > Tkx for the good highlevel insights. A few > questions, I'm interested specifically for > developer/designers, but I'm sure others are interested in other audiences: > > - What languages/OS/environments are yo

Re: [SC-L] Software Security Training for Developers

2007-08-19 Thread Johan Peeters
From my experience with secappdev.org (http://secappdev.org), a not-for-profit organization set up to create security awareness and improve skills in the developer community, I find myself in agreement with many of the points that Sammy raises. Development is not only about coding. secappdev tends

Re: [SC-L] Software Security Training for Developers

2007-08-17 Thread Sammy Migues
Hi Chris, My experience is that, like most engineers, most software developers want to improve their skills and that, as a group, they hate making easily-avoidable mistakes of any sort. Training that focuses on reinforcing their existing skills in design and development and then works methodica

Re: [SC-L] Software Security Training for Developers

2007-08-17 Thread Nish Bhalla
Hi Chris, We at Security Compass have been doing that for developers for about 2 years now. We have done this type of training and also the training from the pen tester angle. Some of the things that we have seen make this training much more effective are [] If the direction for the tr