Yesterday was the first day of ACSAC, and it went relatively smoothly. We had a larger than normal number of on-site registrations (enough that we had to add a table at lunch), and there were no problems with the training courses or workshops.
I audited the course we had on Systems Security Engineering and Software Engineering. For this course, we had 3 European instructors (Germany, Spain), and one US instructor. I was struck by the difference in techniques and approaches. The European instructors were heavily into the security patterns and UML-based approaches. The US folk (based out of NIST) were building upon the IEEE System and Software Engineering approaches to bake security into the process. I found that I had an easier time understanding the US approach; I’ve never been a modeling or theoretical person.
I began to wonder if the gulf between the two approaches was a generational thing. Just as there is a generational difference between those who grew up with procedural languages (the FORTRANs, Pascals, PL/Is, Cs of the world) and those who grew up with the heavily object-oriented languages (the Javas), between those who grew up with straightforward systems vs those who grew up with all this glueware and middleware (CORBA, etc.)… there may be a gap between those for whom modeling is the truth and the light, and those who need more straightforward mechanisms. I found that I just couldn’t glom on to the UML-based approaches.
Monday evening has no formal conference activities, so I took the time to hit an excellent local record store for some music (including this local artist). We then went and hunted down dinner, and found it at the Gumbo Pot. I had the Gumbo Ya-Ya, and my wife had the side of Red Beans and Rice. All were very good.