informIT: Software Security Training

[Gary McGraw <gem () cigital com>]

hi sc-l,

Happy Halloween everybody.

Sammy Migues and I just published an article on Software Security Training in informIT based on a decade of experience 
delivering software security training:
http://www.informit.com/articles/article.aspx?p=1767770

The article includes some analysis of both data from the BSIMM study and information from Cigital's Training practice.  
FWIW, we estimate we have trained 14,000 developers using instructor led training.  Our computer based training (CBT) 
is deployed to 105,000 students.  Plenty of real world data.

Training is an essential part of any software security initiative.  As we refocus our efforts in software security to 
be more about fixing software security problems and less about simply finding problems in software, training will play 
an even bigger role.

What are the rest of you seeing out there on the training front?

gem

p.s. Thanks to Mike Pittenger for his help with the article.

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________