OIT INFORMATION

• About Us
• Customer Service
• Enterprise Services & Rates
• Policies, Standards & Procedures
• eGovernment
• Accessibility
• Security
• Project Management
• Architecture

Announcing DevCon VIII

By B. Victor Chakravarty, Enterprise Architect

The semi-annual Developers' Conference (DevCon) is the premier opportunity for State application developers to network and brainstorm. First launched in the spring-summer of 2006, it is now time for the eighth conference of the series. DevCon VIII will be held on Tuesday, December 8, 2009, A.M., at the Central Maine Commerce Center Florian Room. The theme is Application Security Vulnerability Scanning.

As our applications become more complex, more interconnected, and more exposed to the external world, securing them properly becomes more important than ever before. An important tool in the application security toolkit is the vulnerability scanner. Logically, the vulnerability scanner contains two parts: a library of attack vectors and an interpreter of response. The scanner shoots the target application with its library of attack vectors and then interprets the application's response to estimate its vulnerability exposure.

Unfortunately, the current state-of-the-art in vulnerability scanning still produces both false positives and false negatives. False positives are spurious vulnerabilities identified as real; false negatives are real vulnerabilities either not identified at all or identified as lesser threats than they really are. DevCon VIII will cover a demonstration of our enterprise vulnerability scanner and a detailed analysis of its reports. At the end of the session, developers should be able to use the vulnerability scanner reports to better secure their applications. This is also an opportunity for us all to brainstorm with the Associate CIO, Applications, on how to incorporate vulnerability scanning upstream into the development cycle, so that it does not seem like an irritant at the time of deployment.

If past DevCons are any guide, although the podium presentations generate lots of questions and comments, the real passion and candor are reserved for the Open Microphone session at the end. This is where developers reveal their thoughts and opinions in random, free-wheeling exchanges. Real changes have taken place as a result of previous Open Microphone sessions. So, please participate in DevCon VIII and articulate your thoughts. It is highly likely that many of your suggestions will be implemented in the not-too-distant future.

The DevCon is the best opportunity for peer-to-peer enrichment within the State application developer community, and that includes both the Executive and non-Executive branches. It is absolutely free, involves almost no travel and counts as four hours of training toward the stipend. We thank the State developer community for their strong support to the previous seven DevCons. In fact, more than once, developers have braved storms and blizzards to pack the venue to its full capacity. We look forward to the same kind of passionate support in the upcoming DevCon VIII.

Article posted on: October 30, 2009
Comments on this article? Send us your feedback.

Maine.gov | DAFS Home | OIT Home | Site Policies