Saturday, May 10, 2008


Interesting behaviors of software developers

Have you noted that the vast majority of CISSPs don't really understand software security? Of course, the best way for them to catch up is to attend OWASP meetings, but of course much is lost if they don't have a software development background.

As a chapter leader, I have been successful in filling rooms with security experts, penetration testers and security consultants, but the one thing that I have made a goal is to figure out how to attract more software developers.

I would rather see lots of developers attending OWASP meetings and learning how to build secure software instead of security guys learning how to prove applications insecure. For me to be successful, I need the assistance of those in the blogosphere who are employed by IBM, Accenture, Wipro, Cognizant and other firms to start amplifying the OWASP message and understanding that it is relevant to them...
