LASCON 2010 was awesome. It’s an Austin app security conference put on by the Austin OWASP chapter. Josh Sokol and James Wickett did a great job of putting the thing together; for a first-time convention it was really well run and went very smoothly. The place was just about full up, about 200 people. I saw people I knew there from Austin Networking, the University of Texas, HomeAway, and more. It was a great crowd, all sorts of really sharp people, both appsec pros and others.
And the swag was nice, got a good quality bugout bag and shirt, and the OWASP gear they were selling was high quality – no crappy black geek tshirts.
I wish I had more time to talk with the suppliers there; I did make a quick run in to talk to Fortify and Veracode. Both now have SaaS offerings where you can buy in for upload scanning of your source (Fortify) or your binaries (Veracode) without having to spring for their big ass $100k software packages, which is great – if proper security is only the purview of billion dollar companies, then we’ll never be secure.
At the happy hour they brought in a mechanical bull! We had some friends in from Cloudkick in SF and they asked me with some concern, “Do all conferences in Austin do this?” Nope, first time I’ve seen it, but it was awesome! After some of the free drinks, I was all about it. They did something really clever with the drinks – two drink tickets free, but you could get more by going and talking to the vendors at their booths. That’s a win-win! No “fill out a grade school passport to get entered into a drawing” kind of crap.
Speaking of drawings, they had a lot of volunteers working hard to run the con; they did a great job.
I took notes from the presentations I went to; they’re coming as separate posts. I detected a couple common threads I found very interesting. The Rugged Software Manifesto was mentioned by speakers in multiple sessions including by the Department of Homeland Security. It’s clear that as software becomes more and more pervasive in our lives that health, safety, national security, and corporate livelihood are all coming to depend on solid, secure software and frankly we’re not well on the right track towards that happening.
Also, the need for closer cooperation between developers, appsec people, and traditional netsec people was a clear call to action. This makes me think about the ongoing call for developer/ops collaboration from DevOps – truly, it’s a symptom of a larger need to find a better way for everyone to work together to generate these lovely computerized monstrosities we work on.
So check out my notes from the sessions – believe me, if it was boring I wouldn’t bother to write it down.
I hear the conference turned a profit and it was a big success from my point of view, so here’s hoping it’s even bigger and better in 2011! Two days! It’s calling to you!