Going to OSCON 2010

I know I’ve ranted about this before, and this post is no different. OSCON still doesn’t have any security talks, which is like an engineering conference that doesn’t have any structural integrity talks.

A sample of non-functional requirements in the OSCON 2010 program:

  • Configuration Management – check*
  • Deployment – check
  • Documentation – check
  • Efficiency – check*
  • Legal issues – check
  • Performance – check*
  • Maintainability – check*
  • Quality – check*
  • Scalability – check*
  • Testability – check*

* I’m going to a few of these tutes and talks

And what they don’t cover:

  • Compliance – 0 talks
  • Privacy – 0 talks
  • Safety – 0 talks
  • Security – 0 talks, 1 three hour tutorial

And yet, security is the only NFR that can close your business, destroy shareholder value, get you sued, cost you dearly in compliance and remediation costs, limit your organization or project to irrelevance, and destroy privacy for millions of folks in one fell swoop of ineptitude and cluelessness.

One day, the papers committee will get a clue. It’s not 2010, though.

So all my open source chums – see you in Portland! 🙂

Published by vanderaj

Just another security geek

Join the Conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *