Hi again, I rebooted the security track completely at SD West in 2003 (thanks to tami who I cc'ed here). I'm on the advisory board.
We're slowly inching our way toward SDL/touchpoints/CLASP stuffs at SD West, though when I tried to cover the touchpoints and enterprise security in 2006, interest was weak. After 5 years of pounding we're getting there though! My suggestion? Get involved organizing these conferences and helping with thought leadership. And just for the record, having your PR dingbats submit (stupid)marketing talks does not count. Others getting the same treatment; SD Best Practices STAR West Better Software MISTI CSI NDSS Usenix security Rock on gem ----- Original Message ----- From: Andy Steingruebl <[EMAIL PROTECTED]> To: Gary McGraw Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; SC-L@securecoding.org <SC-L@securecoding.org> Sent: Wed Mar 12 19:35:35 2008 Subject: Re: [SC-L] quick question - SXSW On Wed, Mar 12, 2008 at 4:30 PM, Gary McGraw <[EMAIL PROTECTED]> wrote: > Hey andy, > > You mean AJAX one? Last time I went there was zero interest and even less > clue about security among attendees. The only shining light was a long > conversation I had with bill joy about security critical decisions those guys > screwed up with Java (especially with regards to closure). > > A decade of evangelism only goes so far! Do help! Fair enough :) I was looking at the program for the just finished SD West and the security track actually looks to have been pretty good. I think one thing we're missing from there is more emphasis on actual SDL process, rather than focus on individual items within it. Activities like how to form a steering group within a company, how to bootstrap some of the practices, etc. Do folks here have suggestions of conferences we ought to be targeting with these sorts of presentations, papers, etc? JavaOne seems like it might have been a good place to target. There are some smaller developer conferences out there, some general security conferences, and there has been discussion here and within OWASP as well of how we can start better targeting these forums for our evangelizing... Thoughts? -- Andy Steingruebl [EMAIL PROTECTED] _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________