Re: [SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Gary McGraw
hi dinis,

I will be covering the basics for sure.  I agree with all of your points below.

The trickiest one you bring up is security labels, which, though it may be a 
good idea, is a political swamp.

I am up for an HP Protect band, but I am pretty sure such an idea has never 
crossed the corporate HP mind!

See you in DC.

gem

From: Dinis Cruz <dinis.c...@owasp.org>
Date: Sunday, September 15, 2013 5:54 AM
To: gem <g...@cigital.com>
Cc: Casey Callaway <ccalla...@cigital.com>, 
Secure Code Mailing List <SC-L@securecoding.org>
Subject: Re: [SC-L] HP Protect Keynote (next week 9.17.13)


I'll be there and am looking forward to seeing it

Can you cover the need to: a) 'talk' to developers using UnitTests, b) stop 
giving developers PDFs/badometers, c) create security Labels for APIs/Apps and 
d) use open source tools like the O2 Platform (and ThreadFix) to integrate+glue 
the application security knowledge created by tools and humans :)

For the record I'm gutted that HP can't organise a 'Conference Band' like the 
'Owasp band' so that we can do our yearly rendition of the 'SQL Injection 
Blues' :)

Dinis

On 15 Sep 2013 09:39, "Gary McGraw" <g...@cigital.com> wrote:
hi sc-l,

This year's keynote talk at HP Protect will be all about software security.  
How do I know?  Well, I'm giving the talk.  You can register here if you want 
to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/

The Discover Performance magazine featured an article about software security 
as one part of the run up to the HP Protect Conference.  You can read that 
here: 
http://bit.ly/153CFDB

It's great news for the field that we're being asked to talk about software 
security at a major conference as the keynote.  I hope to see some of you there.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
twitter @cigitalgem

p.s. Long URL for Kevin 
http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html



___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___



Re: [SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Dinis Cruz
I'll be there and am looking forward to seeing it

Can you cover the need to: a) 'talk' to developers using UnitTests, b) stop
giving developers PDFs/badometers, c) create security Labels for APIs/Apps
and d) use open source tools like the O2 Platform (and ThreadFix) to
integrate+glue the application security knowledge created by tools and
humans :)

For the record I'm gutted that HP can't organise a 'Conference Band' like
the 'Owasp band' so that we can do our yearly rendition of the 'SQL
Injection Blues' :)

Dinis
On 15 Sep 2013 09:39, "Gary McGraw" wrote:

> hi sc-l,
>
> This year's keynote talk at HP Protect will be all about software
> security.  How do I know?  Well, I'm giving the talk.  You can register
> here if you want to attend HP Protect in Washington, DC.
> http://h30627.www3.hp.com/
>
> The Discover Performance magazine featured an article about software
> security as one part of the run up to the HP Protect Conference.  You can
> read that here: http://bit.ly/153CFDB
>
> It's great news for the field that we're being asked to talk about
> software security at a major conference as the keynote.  I hope to see some
> of you there.
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com
> twitter @cigitalgem
>
> p.s. Long URL for Kevin
> http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html
>


[SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Gary McGraw
hi sc-l,

This year's keynote talk at HP Protect will be all about software security.  
How do I know?  Well, I'm giving the talk.  You can register here if you want 
to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/

The Discover Performance magazine featured an article about software security 
as one part of the run up to the HP Protect Conference.  You can read that 
here: 
http://bit.ly/153CFDB

It's great news for the field that we're being asked to talk about software 
security at a major conference as the keynote.  I hope to see some of you there.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
twitter @cigitalgem

p.s. Long URL for Kevin 
http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html


