[SC-L] quick question - SXSW

[Arian J. Evans]

On Wed, Mar 12, 2008 at 3:05 PM, Andy Steingruebl <steingra at gmail.com> wrote:

>  On a related note a quick perusal of the JavaOne conference tracks
>  doesn't show a lot of content in this area either.  Is this due to a
>  lack of interest, or people in the security world not pitching talks
>  to the development conference organizer?

Both.

Java is a tricky one. There were security sessions early on in
Java conferences, but they were about the stuff no one on the
planet actually does -- e.g. container security, code signing,
and JVM/applet permissions.

I think that turned a lot of devs off of security in Java-land.

In related news we're building J2EE courseware in a "by developers,
for developers" fashion and Anurag will be releasing some APIs
for java developers to actually do things like output encoding,
where Java/J2EE is about 4 years behind the rest of the world.

I imaged later this year or next year you'll see a few of us focusing
on developer (versus security) conferences, though I don't think
this changes the business problem/reality at all.

-- 
Arian Evans
software security stuff