OWASP Meetings and Software Developers

Why do I never meet any software developers at the local OWASP meetings that I attend? That's been bothering me. OWASP stands for "Open Web Application Security Project". Developers create web applications. Developers need to be aware of security issues in order to build better software. So why don't I meet developers there?

Now you may be wondering, "so who do you meet?" Well, I'd say the majority are security consultants of one form or another. A few are principles of companies that perform security audits, some build software to sell for promoting better security. Last night at the meeting I attended, I sat next to a PCI Compliance consultant and so I added a little to my knowledge about that. I also tend to meet system administrators, but usually they're higher up the ladder and not the guys down in the trenches, but I'm not sure that's always true. Also, keep in mind that I'm not the most outgoing social butterfly you'll ever meet, so there could easily be other developers there and we just don't meet up.

The meetings I've been to have covered some fascinating topics, often focusing on XSS attacks, but not always. They've been a bit scary, too. I tend to go home and start looking for new ways to lock down all of my computers. Last night's meeting especially compelled me to focus on that! I wish that other software developers would discover these meetings and find them to be as intriguing as I do.

(P.S. I'll give more details about that meeting in another post - it was memorable.)