« Teaching Reverse Engineering to Kids | Main | Would you like to play a game? »



Wow, Gunnar, the second bar chart rocks. The sad part is that it's true of most of the software developers I've met... "We have security built in, we used OpenSSL".

john O'Hanley

This is an excellent and important point.

Most organizations care deeply about two things:
1. Security of people's data
2. The robustness and quality of the database.

Instead of focusing on what is important, the current fashion is to pay most attention to other issues which are an order of magnitude less important.

Kresten Krab Thorup (JAOO)

Granted. We've not been on top of the topic of security so far. However ... For our next QCon (http://qcon.infoq.com/qcon-sanfrancisco/tracks/) we are planning an application security track, and I intend to include this in the future JAOO's too. I'd love to have input from you on this -- please contact me at krab /a/ jaoo point dk.


Kresten - I have a ton of respect for JAOO, you put together many of the most ineresting tracks and talks of any conference. I am picking on you (and Tim Bray) because I am hopeful that my tiny (yet important) corner of the world could use some more focus. I don't expect mainstream VB.net style conference to cover software security in depth, I am hopeful that leading edge conference (like JAOO) will devote tracks and in depth sessions to software security, becuase they are by far the best positioned to solve these issues; security people cannot solve these issues alone, software people have to help.


This to me sums up exactly why in 2007 we are still seeing shit code being produced. Yes a small handful of developers understand the need for secuirty in the SDLC, but if a conference like JAOO doesn't, then what hope is there?

I like your idea about us putting a tent outside, it's got me thinking :)


The comments to this entry are closed.