Secure Coding mailing list archives

Security Testing track: Software Testing Conference: Washington DC


From: mbrown at sans.org (Mason Brown)
Date: Thu, 6 Sep 2007 16:14:40 -0400


Most of you know SANS is spending a lot of time and effort focused on
software and application security.  If you think there is a role we can play
in this specific area and would like to talk to me about that, please feel
free to connect with me offline.

If not, we'll stay head down on the current initiatives.

Paco, it's probably too late for us to help much with your event but we can
chat about that.

Mase


Mason Brown, Director
SANS Institute (www.sans.org)
865-692-0978 (w)
 
SANS Network Security 2007 in Las Vegas, September 22-30. 39 courses, SANS
top instructors. http://www.sans.org/info/9346

"SANS remains the gold standard in security training - technical, hands on
and immediately useful and relevant." Robin Stuart, eBay


-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org]
On Behalf Of Chris Wysopal
Sent: Thursday, September 06, 2007 12:48 PM
To: McGovern, James F (HTSC, IT); sc-l at securecoding.org
Subject: Re: [SC-L] Security Testing track: Software Testing Conference: Washington DC


There has been some movement in this direction and I think you are correct
that we need to educate the mainstream QA audience just as we must
educate the mainstream developer audience.  I am giving a keynote on
software security testing at Practical Quality and Software Testing in
Minneapolis next week: http://www.psqtconference.com/. I am also speaking at
STPCon on prioritizing security testing.  There are also speakers from SPI
Dynamics and Ounce Labs at that conference.  If you know of other QA
conferences please post them here as I am interested in speaking to this
audience and I have found them very receptive to security testing topics.

Another educational approach is to target this community when we write books
and magazine articles on software security. One of the goals of my book,
"The Art of Software Security Testing" was to bring the concepts of security
testing to a traditional QA audience.  To that end I teamed up with Elfriede
Dustin, an author of several QA books, and an organizer of the Verify
conference to make sure the book spoke to the right audience.

I know Joseph Feiman at Gartner has software security testing as a focus
area.  He has written a few research notes on the topic.

-Chris

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of McGovern, James F (HTSC, IT)
Sent: Tuesday, August 28, 2007 10:39 AM
To: sc-l at securecoding.org
Subject: Re: [SC-L] Security Testing track: Software Testing Conference: Washington DC

Upon reading this, I had several thoughts come to mind:

1. If we are to truly solve the last mile, we need to also choose more
mainstream conferences such as STPCon (http://www.stpcon.com) since they
also have an associated magazine (Software Test and Performance) which may
stimulate more magazine articles on the topic. I did a quick run upstairs to
our QA folks and asked them what magazines they read as well as their awareness
of certain conferences.

2. What do you think we can do as a unified group of individuals in terms of
a listserv to encourage various industry analyst firms such as Gartner,
Forrester and The Burton Group to talk about Secure Software Testing as a
research area? Many CIOs and other IT executives put lots of value into what
they say. We need more top down.

3. What would it take to get more speaker diversity? We have to figure out
how to get more end-customers telling their own stories vs. vendors and
consulting firms.

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Paco Hope
Sent: Thursday, August 16, 2007 1:41 PM
To: Secure Coding
Subject: [SC-L] Security Testing track: Software Testing Conference: Washington DC


Hey folks,

One of my strong beliefs is that we're never going to close the loop on
"Building Security In" until we get the QA side of the house involved in
security. To that end, I'm co-chairing VERIFY 2007, a software testing
conference where we have a security testing track (in addition to more
typical QA topics like test automation). I thought some folks on this list
may be interested in attending, or passing it on to your colleagues in QA
organizations.

Conference web site is http://verifyconference.com/ and you can get a 2-page
"Conference in a Nutshell" PDF here:
http://verifyconference.com/images/verify/verify2007.pdf

Please help me spread the word.

Thanks,
Paco
--
Paco Hope, CISSP
Co-Chair, VERIFY 2007
http://verifyconference.com/ * +1.703.606.1905


*************************************************************************
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If you
are not the intended recipient, please notify the sender immediately by
return e-mail, delete this communication and destroy all copies.
*************************************************************************


_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org List information,
subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC
(http://www.KRvW.com) as a free, non-commercial service to the software
security community.
_______________________________________________
