by Dave Ramsey
I'd like to lead an open, public, and collaborative discussion to see if we can determine a set of indicators that can be caught in DDR analysis tools (mine or others) for things that should be brought to users' attention about the security state of their solutions. These are not necessarily things that are hard-and-fast "bad", but at least things that are definitely worthy of review. I think this would make a great conversation to have late the second day, to see if we can condense a set of rules out of the discussions/sessions of the previous day or so. I think the results of the discussion would be relevant even for those that don't use analysis tools.