If you go to a software development conference, you hear a lot about innovation - distributed hash tables, massive scalability and so on. But you hear very, very little about security. If you go to a security conference, you hear a lot about why developers suck, and how the apps are broken. But you hear very, very little about what to *do* about any of it.
OWASP AppSec is on its seventh conference, and these conferences have the best mix of people - developers, architects, security people - who can actually make positive forward progress in the software security space.
Today, we have the first Web services track with a great lineup of speakers - Rich Salz, Mark O'Neill, and Brad Hill. There are many great talks on other tracks on Web 2.0 security and such. What I would hope for OWASP is that the good ideas and code that are generated here will start to filter into the software conferences and the security conferences - both camps need a ton of help.