AppSecDC 2010 Schedule is Posted (Includes Me!)

AppSec DC 2010 will be held Nov. 8-11 at the Walter E. Washington Convention Center in Washington, D.C. The first two days will be for training, including my delivery of “Software Security Best Practices” (a KRvW course). I will also be speaking at the conference on the 2nd plenary day (11/11) in the "death" slot (5:10-6pm). I hope to see you all there! :)

The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform
What we're doing today is not working and isn't sustainable. The fundamental culture of the average business does not encourage making good security decisions. Software shops continue to focus on functionality and timelines, neglecting information security. In spite of regulations like PCI and HIPAA+HITECH, which are levying fines against organizations for their security failures, the tipping point has clearly not been reached to cause meaningful change. Much of this problem can be attributed to the excessive use of negative incentives (sticks) instead of providing positive incentives (carrots) that inspire better decision making and motivate true change. Fortunately, it's not too late to change tactics and start achieving demonstrable success.

About

This page contains a single entry from the blog posted on September 23, 2010 2:17 PM.

Creative Commons License
This weblog is licensed under a Creative Commons License.