I think you misunderstood my points a little bit. SXSW was just a
current conference example. As Gary's pointed out, there are many
conferences. It's possible SXSW wasn't a good example, but it was meant
more symbolically. More comments inline...
Arian J. Evans wrote:
> 1. This is largely the w
Hi again,
I rebooted the security track completely at SD West in 2003 (thanks to tami who
I cc'ed here). I'm on the advisory board.
We're slowly inching our way toward SDL/touchpoints/CLASP stuffs at SD West,
though when I tried to cover the touchpoints and enterprise security in 2006,
intere
So two thoughts Ben, purely my 0.02 USD:
1. This is largely the wrong crowd. Designers of small web2.0 stuffs,
particularly the domain of widgets and WS interfaces for all the usual
suspect platforms (flickr, facebook etc.) as well as most startups:
They just don't care.
They will never care.
S
I agree this is a big issue, there is no cotton picking way that the
security people are solving these problems, it has to come from the
developers. I put together a track for QCon which included Brian Chess
on Static Analysis, John Steven on Threat Modeling, and Jeff Williams on
ESAPI and Web
On Wed, Mar 12, 2008 at 6:08 PM, Benjamin Tomhave
<[EMAIL PROTECTED]> wrote:
> I think you misunderstood my points a little bit. SXSW was just a
> current conference example. As Gary's pointed out, there are many
> conferences. It's possible SXSW wasn't a good example, but it was meant
> more
I agree.
Reaching the development community, that's precisely what we are
trying to do at secappdev. Thanks for helping with that too, Ken.
I have also taken some security-related sessions to conferences such
as XP Days Benelux, XP Days France and SPA. Appearing soon at ACCU.
I would love to hear
Hey andy,
You mean AJAX one? Last time I went there was zero interest and even less
clue about security among attendees. The only shining light was a long
conversation I had with bill joy about security critical decisions those guys
screwed up with Java (especially with regards to closure).
On Wed, Mar 12, 2008 at 4:30 PM, Gary McGraw <[EMAIL PROTECTED]> wrote:
> Hey andy,
>
> You mean AJAX one? Last time I went there was zero interest and even less
> clue about security among attendees. The only shining light was a long
> conversation I had with bill joy about security critical
Ben,
Your point is a good one -- the software security community needs to
be vigilant in reaching out to developers and spreading "the word".
FWIW, some dev conferences have done this. I spoke at SD West in
2006, and there was a significant security track there. Still, it'd
be great to
On Tue, Mar 11, 2008 at 6:43 AM, Benjamin Tomhave
<[EMAIL PROTECTED]> wrote:
> I had just a quick query for everyone out there, with an attached thought.
>
> How many security and/or secure coding professionals are prevalently
> involved with the SXSW conference this week? I know, I know... it's
First, thanks for that Bill, it exemplifies my point perfectly. A couple
thoughts...
one, targeting designers is just as important as reaching out to the
developers themselves... if the designers can ensure that security
requirements are incorporated from the outset, then we receive an added
b
Dear Ben, having just been at SXSW Interactive (I live in Austin, TX) I did not
see many discussions that pay attention to security, or any other software
engineering oriented concerns, explicitly.
There was a discussion of scalability for web services that featured the
developers from digg,
Hi All,
With all the questions about what are good books, are there any views on
actually implementing the principles, i.e. using them on real programmes to
drive security improvement? In particular, the contrast between existing
programmes and new programmes?