Secure Coding mailing list archives

quick question - SXSW


From: gem at cigital.com (Gary McGraw)
Date: Fri, 14 Mar 2008 11:58:54 -0400

hi sc-l,

As many of you know, I have been doing this stuff for over a decade now.  In terms of developer awareness and uptake, 
we have made great strides in the last three years.  I taught my first training class on software security at Goldman 
in 2001.  Since then, we've trained well over 8000 developers and others on software security (at Cigital where I 
work).  Attitudes have definitely shifted, and the market continues to grow.  Demand is up and interest is high.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


On 3/14/08 10:06 AM, "Mike Lyman" <mlyman-cissp at comcast.net> wrote:

Arian J. Evans wrote:
Overall security is not a feature or a function that you can monetize.
It's not even cool or sexy. It's an emergent behavior that is only
observed when it is making your software harder to use.


Maybe it is just the US Department of Defense environment where I am
currently working but I see developers start to see this as cool and
sexy. Most are picking it up quickly and a few are even interested in
diving deep into the security world. They ask great questions and are
doing a lot of independent research on it. We are in an environment
where they get security awareness training a few times a year and are
constantly bombarded with security messages but some of them really are
getting into it. It gives them something new to learn and it is driving
them to go deeper into some development subjects that they normally
would not ever be allowed to look at due to delivery schedules. Security
is giving them a good excuse to go learn more.
--

Mike Lyman
mlyman at west-point.org
