Open source software security

Educause Security Professionals Conference 2010

11 June 2010
It's day 1 of the Educause Security Professionals Conference 2010 (http://net.educause.edu/sec10) in Atlanta. I'm going to try and Tweet a bit of the conference (http://www.twitter.com/madirish2600) under the hashtag #ESecPC and hopefully blog some as well. I'm presenting a session tomorrow on OSSEC (http://www.ossec.net) and serving in a multi-person panel on a hot topic discussion around secure application development lifecycle. So far there seem to be a few trends I'm noticing, one being web application security. I'll try and pull together other trends that I notice as well. The first day of the conference is day long trainings. I'm hoping to attend the session on establishing an information security program, presented by Cedric Bennett, Emeritus Director, Information Security Services, Stanford University. Our infosec program at SAS is pretty new and I'm hoping to learn a little from other folks' experience and hopefully take away something we can implement when I get back to Philly. I'm also interested in seeing how well my laptop functions for the conference with respect to a notepad or my Android phone. I expect to be taking lots of notes, checking e-mail and hopefully posting updates to Twitter. I'm suspecting that the laptop may be superfluous while I'm actually in conference sessions but we'll see.