Secure Coding mailing list archives
quick question - SXSW
From: gem at cigital.com (Gary McGraw)
Date: Fri, 14 Mar 2008 11:58:54 -0400
hi sc-l, As many of you know, I have been doing this stuff for over a decade now. In terms of developer awareness and uptake, we have made great strides in the last three years. I taught my first training class on software security at Goldman in 2001. Since then, we've trained well over 8000 developers and others on software security (at Cigital where I work). Attitudes have definitely shifted, and the market continues to grow. Demand is up and interest is high. gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com On 3/14/08 10:06 AM, "Mike Lyman" <mlyman-cissp at comcast.net> wrote: Arian J. Evans wrote:
Overall security is not a feature or a function that you can monetarize. It's not even cool or sexy. It's an emergent behavior that is only observed when it is making your software harder to use.
Maybe it is just the US Department of Defense environment where I am currently working but I see developers start to see this as cool and sexy. Most are picking it up quickly and a few are even interested in diving in deep into the security world. They ask great questions and are doing a lot of independent research on it. We are in an environment where they get security awareness training a few times a year and are constantly bombarded with security messages but some of them really are getting into it. It gives them something new to learn and it is driving them to go deeper into some development subjects that they normally would not ever be allowed to look at due to delivery schedules. Security is giving them a good excuse to go learn more. -- Mike Lyman mlyman at west-point.org _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
Current thread:
- quick question - SXSW, (continued)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Kenneth Van Wyk (Mar 12)
- quick question - SXSW Johan Peeters (Mar 12)
- quick question - SXSW Gunnar Peterson (Mar 12)
- quick question - SXSW John Steven (Mar 14)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Arian J. Evans (Mar 12)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Arian J. Evans (Mar 12)
- quick question - SXSW Mike Lyman (Mar 14)
- quick question - SXSW Arian J. Evans (Mar 14)
- quick question - SXSW Gary McGraw (Mar 14)
- quick question - SXSW Arian J. Evans (Mar 13)
- quick question - SXSW Andrew van der Stock (Mar 26)
- quick question - SXSW Andy Steingruebl (Mar 12)