Re: HP Protect Keynote (next week 9.17.13)

[Gary McGraw <gem () cigital com>]

hi dinis,

I will be covering the basics for sure.  I agree with all of your points below.

The trickiest one you bring up is security labels which though it may be a good idea is a political swamp.

I am up for an HP Protect band, but I am pretty sure such an idea has never crossed the corporate HP mind!

See you in DC.

gem

From: Dinis Cruz <dinis.cruz () owasp org<mailto:dinis.cruz () owasp org>>
Date: Sunday, September 15, 2013 5:54 AM
To: gem <gem () cigital com<mailto:gem () cigital com>>
Cc: Casey Callaway <ccallaway () cigital com<mailto:ccallaway () cigital com>>, Secure Code Mailing List <SC-L () 
securecoding org<mailto:SC-L () securecoding org>>
Subject: Re: [SC-L] HP Protect Keynote (next week 9.17.13)


I'll be there and am looking forward to seeing it

Can you cover the need to: a) 'talk' to developers using UnitTests, b) stop giving developers PDFs/badometers , c) 
create security Labels for APIs/Apps and d) use open source tools like the O2 Platform (and ThreadFix) to 
integrate+glue the application security knowledge created by tools and humans :)

For the record I'm gutted that HP can't organise an 'Conference Band' like the  'Owasp band' so that we can do our 
yearly rendition of the 'SQL Injection Blues' :)

Dinis

On 15 Sep 2013 09:39, "Gary McGraw" <gem () cigital com<mailto:gem () cigital com>> wrote:
hi sc-l,

This year's keynote talk at HP Protect will be all about software security.  How do I know?  Well, I'm giving the talk. 
 You can register here if you want to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/

The Discover Performance magazine featured an article about software security as one part of the run up to the HP 
Protect Conference.  You can read that here: 
http://bit.ly/153CFDB<http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html>

It's great news for the field that we're being asked to talk about software security at a major conference as the 
keynote.  I hope to see some of you there.

gem

company www.cigital.com<http://www.cigital.com>
podcast www.cigital.com/silverbullet<http://www.cigital.com/silverbullet>
blog www.cigital.com/justiceleague<http://www.cigital.com/justiceleague>
book www.swsec.com<http://www.swsec.com>
twitter @cigitalgem

p.s. Long URL for Kevin 
http://h30458.www3.hp.com/us/us/discover-performance/security-leaders/2013/sep/in-software-security-maturity-is-hard-won_1322645.html



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org<mailto:SC-L () securecoding org>
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________