Upcoming public events
I will give a talk at the OWASP EU 08 conference in Ghent on how to fit input validation into an application's architecture on May 22nd. Essentially the same talk will be repeated at the OWASP NYC AppSec 2008 conference in New York City on October 8th.
Some recent events
André Mariën, Bart De Win and I led a workshop on installing secure development processes at ACCU 2008 on April 5th in Oxford, UK. The two most important issues to come out of the workshop were:
- developers need to be more aware of possible exploits. This ties in well with the evaluations we received of the SecAppDev 2008 course, where the module on exploiting vulnerabilities also received a very high score;
- clearer security objectives need to be set. The objectives should be prioritized rationally and consistently.
André Mariën, Maarten Van Horenbeeck and I led a session on security architectures in November at XP Days Benelux 2007 in Mechelen, Belgium.
In November 2006, Paul Dyson and I ran a workshop on planning for non-functional requirements at the XP Day Benelux in Mechelen, Belgium. We held a similar workshop in March 2007 at SPA 2007 in Cambridge, UK. I summarized the discussion in a weblog entry.
I was on the program committee of the Open Web Application Security Project (OWASP) Europe 2006 Conference held in Leuven on May 30th and 31st. I also acted as moderator for a panel discussion on "Should companies be emulating Microsoft's Security Development Lifecycle?". Some of the discussion is summarized in one of my weblog entries.
On March 27th 2006, I led a simulation session on agile planning and tracking security requirements at the SPA 2006 near Cambridge, UK. Previously, on March 24th 2006, I did the same session at the French XP Days in Paris and on November 18th 2005, at the XP Days Benelux 2005.
On August 29th 2005, I presented a position paper on agile security requirements engineering at the Symposium on Requirements Engineering for Information Security. The symposium is part of the 13th IEEE International Requirements Engineering Conference in Paris.
I hosted the security track at JavaPolis in 2003 and 2004. During the JavaPolis 2004 conference, I was also moderator of a panel discussion on Agile Security/Secure Agility. I report on the panel discussion in my blog.
I spoke on developing secure Java applications at the secure development event organized by L-SEC, DSP Valley and Vlaams Software Platform on October 21st 2004. The talk was about how the Java security model can help in building secure embedded applications and what its limitations are.