Friday, February 14, 2014

10 years of SecAppDev

Tonight we are celebrating the 10th anniversary of SecAppDev.

In the summer of 2004, Dirk Dussart, Georges Ataya and I, shocked by the software industry's cavalier attitude to software security, decided to set up a course for developers.
I had worked with Frank Piessens of the KU Leuven DistriNet research group and Bart Preneel from COSIC at previous client engagements and had learned an enormous amount about security from them in the process, so I talked to them. As they are both great teachers, when they said they were on board, I knew we could make this happen.

At the time, Gary McGraw was eloquently chastising the software industry for their bolt-on approach and urging us to, instead, build it in. So, I contacted Gary and asked him whether he could come over and teach a course in Belgium. He immediately said yes.

Dan Wallach, who had been part of the team at Princeton that exposed and then fixed the security holes in the Java 1.0 security model, couldn't make it in February/March 2005, but said he was keen to teach at future sessions.

With such eminent faculty supporting, we were off to an excellent start. Unfortunately, just a few weeks before the course, Gary had to call off. He apologised and recommended a friend with whom he had been developing course material to take his place. That is how I came to be introduced to Ken van Wyk.

So it was that, on February 28th 2005, the first SecAppDev course kicked off at the Domaine de Freins de Latour in Uccle, Brussels. The next year we moved to the Faculty Club in the Béguinage in Leuven, where we have been since, except for 2012, when we held the course in the Irish College, also in Leuven.

Frank, Bart and Ken have been teaching on every course. Gary McGraw came over several times, as did Dan Wallach. Other great teachers joined and the course became more widely known, which is why we are still here after 10 years.

Whereas in the early days, the course was mainly about building developer security awareness, we shifted our focus and started providing a platform for more leading-edge material on secure application development. This includes the timely confrontation of academic research with professional practice or pitching new, innovative course material by commercial trainers.

As a non-profit organisation, set up to raise the standard of secure software engineering, the best possible outcome would be that we would become obsolete. While we have traveled a long road in the last ten years, our mission has, sadly, not lost any relevance; while security awareness has certainly increased, we are not in a good place. Our society has come to depend on vulnerable IT systems for most of its critical infrastructure. This may well lead to increasingly spectacular failures.

But there is something else even more insidious. In essence, security is about how well you can control your own destiny. This ability to give direction and purpose to life increased significantly in the decades since WWII. But it looks like this trend is being reversed with IT systems that are being compromised to steal from us, invade our privacy or just randomly fail.

I believe that we can do better than this and that history will judge our generation on how well we rise to this challenge.

Every year I take heart from this course, because it is always an inspiration to spend a week with people who are passionate about this historic challenge. This community has come to mean a lot to me and I want to thank all of you for your dedication. Thank you Frank, Bart and Ken for your great contributions as teachers, and also as members of the non-profit board. Thank you, Lieven Desmet, for joining the board, curating the course for the last couple of years and being a great organiser. Thank you, Jim Manico. You are a great teacher and lend us very vocal support, both on our board and in the wider community. Thanks to Gary McGraw for your contributions as a teacher and serving on our program committee. Thank you to all the other great teachers that have taught on this course in the past 10 years. And thank you to all participants over those 10 years. Your passion and enthusiasm inspired us to continue this activity. Last but not least, I want to thank my wife, Caroline Greenman, for all her support. Not only has she put up with me investing way more than a reasonable amount of time into this hobby, she actively helps to host the event.

Thank you all for the past 10 years. I thoroughly enjoyed it. I am looking forward to the next 10.
