Re: informIT: Building versus Breaking

["Goertzel, Karen [USA]" <goertzel_karen () bah com>]

There are these:

ISC(2) Secure Software Conference Series - https://www.isc2.org/PressReleaseDetails.aspx?id=650

ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/

SecSE - http://www.sintef.org/secse

SSIRI - http://paris.utdallas.edu/ssiri11/


But your point is taken. Most of the conferences in this domain appear to be outside the U.S. I'm not sure what THAT 
says about U.S. attitudes about software assurance (though I have my suspicions). 

More important is the question of who actually attends these conferences. I'm in the process of updating some research 
on how and where software security assurance is being taught by colleges and universities, and what I'm finding is that 
the topic has been pretty much marginalised into an aspect of information assurance - i.e., it's being taught mostly to 
postgraduates who are majoring in IA and related disciplines - rather than an aspect of software development. There are 
exceptions, of course - but by and large that seems to be the trend. And I think the same is true of the conferences. 
It's the security wonks who care about software assurance much more than the actual software developers. Take a look 
at: http://zastita.com/index.php?det=64494

===
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

Sorry, you have reached an imaginary number.
If you require a real number, please rotate
your phone by ninety degrees and try again.
________________________________________
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Steven M. Christey [coley () 
linus mitre org]
Sent: 31 August 2011 16:45
To: Sergio 'shadown' Alvarez
Cc: Adam Shostack; Secure Code Mailing List
Subject: Re: [SC-L] informIT: Building versus Breaking

While I'd like to see Black Hat add some more defensive-minded tracks, I
just realized that this desire might a symptom of a larger problem: there
aren't really any large-scale conferences dedicated to defense / software
assurance.  (The OWASP conferences are heavily web-focused; Dept. of
Homeland Security has its software assurance forum and working groups, but
those are relatively small.)

If somebody built it, would anybody come?

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________