Secure Coding mailing list archives
quick question - SXSW
From: arian.evans at anachronic.com (Arian J. Evans)
Date: Fri, 14 Mar 2008 08:55:33 -0700
I'm not sure if the post made the list, but I outlined what I believe is a huge difference between government and beltway contractors, and the private sector. DoD (and most gov/gov-contractor corps) fall squarely into the "assurance" camps. Private sector is heavily into "mitigation" and "response". I get a completely different feel, due to entirely different organizational/business realities, from software startups and silicon valley in general. That's great that you see this, though. Good news. -ae On Fri, Mar 14, 2008 at 7:06 AM, Mike Lyman <mlyman-cissp at comcast.net> wrote:
Arian J. Evans wrote: > Overall security is not a feature or a function that you can monetarize. > It's not even cool or sexy. It's an emergent behavior that is only > observed when it is making your software harder to use. > Maybe it is just the US Department of Defense environment where I am currently working but I see developers start to see this as cool and sexy. Most are picking it up quickly and a few are even interested in diving in deep into the security world. They ask great questions and are doing a lot of independent research on it. We are in an environment where they get security awareness training a few times a year and are constantly bombarded with security messages but some of them really are getting into it. It gives them something new to learn and it is driving them to go deeper into some development subjects that they normally would not ever be allowed to look at due to delivery schedules. Security is giving them a good excuse to go learn more. -- Mike Lyman mlyman at west-point.org _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
-- Arian Evans software security stuff
Current thread:
- quick question - SXSW, (continued)
- quick question - SXSW William L. Anderson (Mar 12)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Kenneth Van Wyk (Mar 12)
- quick question - SXSW Johan Peeters (Mar 12)
- quick question - SXSW Gunnar Peterson (Mar 12)
- quick question - SXSW John Steven (Mar 14)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Arian J. Evans (Mar 12)
- quick question - SXSW Benjamin Tomhave (Mar 12)
- quick question - SXSW Arian J. Evans (Mar 12)
- quick question - SXSW William L. Anderson (Mar 12)
- quick question - SXSW Mike Lyman (Mar 14)
- quick question - SXSW Arian J. Evans (Mar 14)
- quick question - SXSW Gary McGraw (Mar 14)
- quick question - SXSW Arian J. Evans (Mar 13)
- quick question - SXSW Andrew van der Stock (Mar 26)
- quick question - SXSW Andy Steingruebl (Mar 12)