[SC-L] quick question - SXSW
Arian J. Evans
arian.evans at anachronic.com
Fri Mar 14 10:55:33 EST 2008
I'm not sure if the post made the list, but I outlined
what I believe is a huge difference between government
and beltway contractors, and the private sector.
DoD (and most gov/gov-contractor corps) fall squarely
into the "assurance" camps.
Private sector is heavily into "mitigation" and "response".
I get a completely different feel, due to entirely different
organizational/business realities, from software startups
and silicon valley in general.
That's great that you see this, though. Good news.
-ae
On Fri, Mar 14, 2008 at 7:06 AM, Mike Lyman <mlyman-cissp at comcast.net> wrote:
> Arian J. Evans wrote:
> > Overall security is not a feature or a function that you can monetarize.
> > It's not even cool or sexy. It's an emergent behavior that is only
> > observed when it is making your software harder to use.
> >
>
> Maybe it is just the US Department of Defense environment where I am
> currently working but I see developers start to see this as cool and
> sexy. Most are picking it up quickly and a few are even interested in
> diving in deep into the security world. They ask great questions and are
> doing a lot of independent research on it. We are in an environment
> where they get security awareness training a few times a year and are
> constantly bombarded with security messages but some of them really are
> getting into it. It gives them something new to learn and it is driving
> them to go deeper into some development subjects that they normally
> would not ever be allowed to look at due to delivery schedules. Security
> is giving them a good excuse to go learn more.
> --
>
> Mike Lyman
> mlyman at west-point.org
>
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>
--
Arian Evans
software security stuff