Secure Coding mailing list archives

Re: "Building" conferences (was: informIT: Building versus Breaking)


From: Gary McGraw <gem () cigital com>
Date: Fri, 2 Sep 2011 15:52:25 -0400

hi sc-l,

This minor flame war reminds me of the '80s!  Hurray.

I have worked hard to inject software security (the building kind) into two conferences:  The first was the SD West/SD 
East set of shows where I started a software security track, did a keynote, invited Schneier to speak, etc.  The track 
was a great success as were the "big talks", but the shows were killed when IDC went down (or was absorbed by UBC).  
Software Development magazine disappeared or was absorbed into Dr Dobbs at the same time and we had a software security 
column going there too.  Alas.  The second involves working on making the RSA Conference "application security" track 
as strong as possible (and about building versus breaking).  I am on the PC of RSA for the second year running.  This 
will be a multi-year project, I'm sure.

This doesn't really count, but we have a BSIMM Conference every year as well where the 42 companies participating in 
the BSIMM project get together to talk software security initiative shop talk.   There are no plans to make that into a 
public conference.

gem

From: Martin Gilje Jaatun <secse-chair () sislab no>
Date: Fri, 2 Sep 2011 04:59:59 -0400
To: Secure Code Mailing List <SC-L () securecoding org>
Subject: [SC-L] "Building" conferences (was: informIT: Building versus Breaking)

Karen Goertzel wrote:

There are these:

ISC(2) Secure Software Conference Series - https://www.isc2.org/PressReleaseDetails.aspx?id=650

ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/

SecSE - http://www.sintef.org/secse

SSIRI - http://paris.utdallas.edu/ssiri11/

All conferences are not created equal - ESSOS, SecSE and SSIRI are all academic, peer-reviewed conferences/workshops, 
and probably do not have the same "sex appeal" as BlackHat. Even in academic communities it seems that there are few 
that appreciate the difference between "security features" and "secure features" (judging by some submissions we get to 
SecSE).

[...]
conferences. I'm in the process of updating some research on how and
where software security assurance is being taught by colleges and
universities, and what I'm finding is that the topic has been pretty
much marginalised into an aspect of information assurance - i.e., it's
being taught mostly to postgraduates who are majoring in IA and

I think you're right - to take our local university, NTNU; they have a course on software security, but it's an 
elective offered to postgraduates in the final year before they start their MSc thesis, which probably means that only 
those students who already have a special interest in security will choose it.

-Martin

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

