hi sc-l, This minor flame war reminds me of the '80s! Hurray.
I have worked hard to inject software security (the building kind) into two conferences: The first was the SD West/SD East set of shows where I started a software security track, did a keynote, invited Schneier to speak, etc. The track was a great success as were the "big talks", but the shows were killed when IDC went down (or was absorbed by UBC). Software Development magazine disappeared or was absorbed into Dr Dobbs at the same time and we had a software security column going there too. Alas. The second involves working on making the RSA Conference "application security" track as strong as possible (and about building versus breaking). I am on the PC of RSA for the second year running. This will be a multi-year project, I'm sure. This doesn't really count, but we have a BSIMM Conference every year as well where the 42 companies participating in the BSIMM project get together to talk software security initiative shop talk. There are no plans to make that into a public conference. gem From: Martin Gilje Jaatun <secse-ch...@sislab.no<mailto:secse-ch...@sislab.no>> Date: Fri, 2 Sep 2011 04:59:59 -0400 To: Secure Code Mailing List <SC-L@securecoding.org<mailto:SC-L@securecoding.org>> Subject: [SC-L] "Building" conferences (was: informIT: Building versus Breaking) Karen Goertzel wrote: > There are these: > > ISC(2) Secure Software Conference Series - > > https://www.isc2.org/PressReleaseDetails.aspx?id=650 > > ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/ > > SecSE - http://www.sintef.org/secse > > SSIRI - http://paris.utdallas.edu/ssiri11/ All conferences are not created equal - ESSOS, SecSE and SSIRI are all academic, peer-reviewed conferences/workshops, and probably do not have the same "sex appeal" as BlackHat. Even in academic communities it seems that there are few that appreciate the difference between "security features" and "secure features" (judging by some submissions we get to SecSE). [...] > conferences. I'm in the process of updating some research on how and > where software security assurance is being taught by colleges and > universities, and what I'm finding is that the topic has been pretty > much marginalised into an aspect of information assurance - i.e., it's > being taught mostly to postgraduates who are majoring in IA and I think you're right - to take our local university, NTNU; they have a course on software security, but it's an elective offered to postgraduates in the final year before they start their MSc thesis, which probably means that only those students who already have a special interest in security will choose it. -Martin _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
