Secure Coding mailing list archives

quick question - SXSW


From: arian.evans at anachronic.com (Arian J. Evans)
Date: Fri, 14 Mar 2008 08:55:33 -0700

I'm not sure if the post made the list, but I outlined
what I believe is a huge difference between government
and beltway contractors, and the private sector.

DoD (and most gov/gov-contractor corps) fall squarely
into the "assurance" camps.

Private sector is heavily into "mitigation" and "response".

I get a completely different feel, due to entirely different
organizational/business realities, from software startups
and silicon valley in general.

That's great that you see this, though. Good news.

-ae


On Fri, Mar 14, 2008 at 7:06 AM, Mike Lyman <mlyman-cissp at comcast.net> wrote:
Arian J. Evans wrote:
 > Overall security is not a feature or a function that you can monetarize.
 > It's not even cool or sexy. It's an emergent behavior that is only
 > observed when it is making your software harder to use.
 >

 Maybe it is just the US Department of Defense environment where I am
 currently working but I see developers start to see this as cool and
 sexy. Most are picking it up quickly and a few are even interested in
 diving in deep into the security world. They ask great questions and are
 doing a lot of independent research on it. We are in an environment
 where they get security awareness training a few times a year and are
 constantly bombarded with security messages but some of them really are
 getting into it. It gives them something new to learn and it is driving
 them to go deeper into some development subjects that they normally
 would not ever be allowed to look at due to delivery schedules. Security
 is giving them a good excuse to go learn more.
 --

 Mike Lyman
 mlyman at west-point.org



 _______________________________________________
 Secure Coding mailing list (SC-L) SC-L at securecoding.org
 List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
 List charter available at - http://www.securecoding.org/list/charter.php
 SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
 as a free, non-commercial service to the software security community.
 _______________________________________________




-- 
Arian Evans
software security stuff
