Secure Coding mailing list archives

Re: informIT: Building versus Breaking

From: James Walden <james.walden () gmail com>
Date: Sun, 4 Sep 2011 10:27:27 -0400

There are also a couple of other relevant academic security conferences:

MetriSec - http://metrisec2011.cs.nku.edu/ (September 21st in Banff, Canada)
SESS - http://homes.dico.unimi.it/~monga/sess11.html (May)

On Thu, Sep 1, 2011 at 12:41 PM, Goertzel, Karen [USA] <
goertzel_karen () bah com> wrote:

There are these:

ISC(2) Secure Software Conference Series -
https://www.isc2.org/PressReleaseDetails.aspx?id=650

ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/

SecSE - http://www.sintef.org/secse

SSIRI - http://paris.utdallas.edu/ssiri11/


But your point is taken. Most of the conferences in this domain appear to
be outside the U.S. I'm not sure what THAT says about U.S. attitudes about
software assurance (though I have my suspicions).

More important is the question of who actually attends these conferences.
I'm in the process of updating some research on how and where software
security assurance is being taught by colleges and universities, and what
I'm finding is that the topic has been pretty much marginalised into an
aspect of information assurance - i.e., it's being taught mostly to
postgraduates who are majoring in IA and related disciplines - rather than
an aspect of software development. There are exceptions, of course - but by
and large that seems to be the trend. And I think the same is true of the
conferences. It's the security wonks who care about software assurance much
more than the actual software developers. Take a look at:
http://zastita.com/index.php?det=64494

===
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

Sorry, you have reached an imaginary number.
If you require a real number, please rotate
your phone by ninety degrees and try again.
________________________________________
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on
behalf of Steven M. Christey [coley () linus mitre org]
Sent: 31 August 2011 16:45
To: Sergio 'shadown' Alvarez
Cc: Adam Shostack; Secure Code Mailing List
Subject: Re: [SC-L] informIT: Building versus Breaking

While I'd like to see Black Hat add some more defensive-minded tracks, I
just realized that this desire might a symptom of a larger problem: there
aren't really any large-scale conferences dedicated to defense / software
assurance.  (The OWASP conferences are heavily web-focused; Dept. of
Homeland Security has its software assurance forum and working groups, but
those are relatively small.)

If somebody built it, would anybody come?

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

informIT: Building versus Breaking Gary McGraw (Aug 31)
- Re: informIT: Building versus Breaking Sergio 'shadown' Alvarez (Aug 31)
  - Re: informIT: Building versus Breaking Steven M. Christey (Sep 01)
    - Re: informIT: Building versus Breaking Goertzel, Karen [USA] (Sep 01)
    - Re: informIT: Building versus Breaking James Walden (Sep 05)
    - Re: informIT: Building versus Breaking Jeffrey Walton (Sep 05)
    - Re: informIT: Building versus Breaking Jeremy Epstein (Sep 05)
  - Re: informIT: Building versus Breaking Chris Schmidt (Sep 01)
    - Re: informIT: Building versus Breaking Sergio 'shadown' Alvarez (Sep 01)
    - "Building" conferences (was: informIT: Building versus Breaking) Martin Gilje Jaatun (Sep 05)
    - Re: "Building" conferences (was: informIT: Building versus Breaking) Gary McGraw (Sep 05)
  - Re: informIT: Building versus Breaking Stephen Craig Evans (Sep 01)
    - Re: informIT: Building versus Breaking Sergio 'shadown' Alvarez (Sep 01)
    - Re: informIT: Building versus Breaking Tom Brennan (Sep 05)
    - Re: informIT: Building versus Breaking iarce (Sep 05)

(Thread continues...)