Software Best Practices 2008

Date November 6, 2008

It’s been nearly a week since I got back from SDBP in Boston, but with the Seattle Death Plague (TM – DanK) that seems to be going round everyone, the most I’ve been able to do is my normal workday, let alone keeping up with all the other things.

In any case, first time I’ve been to Boston and I really liked it.  Hooked up with John Steven from Cigital and a few other people at a restaurant the first night and had a good talk about the state of the industry (I really must find time for a likely long post on my thoughts about this).

I knew I was suffering before I even headed off to Boston, so didn’t venture out from the hotel or congregate with the other conference delegates that much so as not to make myself feel worse (and not have anything left for my talk later in the week), and to desperately try not to spread the lurgy to anyone else.

Anyway, I have to say, for me at least, the conference was a bust.  Only 12-15 people turned up for my talk about Cross-Site Request Forgeries (what they are, how they work, how to stop them).  There are full presentations with audio available from the conference organizers, but I’ve put my presentation deck up here for anyone that is interested.  Overall, I thought the talk went quite well, the topic/material seemed to be what they were after and the people in the (small) audience were interested/engaged.  However, I think it was the wrong presentation for that conference.  I believed (wrongly it seems) that a talk about a big problem many sites have, how to test for it and how to mitigate that vulnerability (so it wasn’t just a "magic show", but real discussion of programming out of the hole) would go down well at that conference (web is after all one of the largest development platforms).

I didn’t go to that many more talks (feeling crappy and not wanting to spread it around), but those I did go to (mostly people/process/management or specific technical talks) were interesting but not core to my main work.

Overall it was a good con (and from many accounts smaller than it has been – clearly the economy is hitting lots of areas of our industry), but I didn’t make the best of it that I should have.  I put that down to a mix of a difference in expectations from myself, and not being 100%.


