Raf asks - Why haven’t we solved the same old software security
James asks how a security team gets out of the way and still gets better security?
We discuss threat modeling, and channel a bit of John
Jeff talks about the OWASP ESAPI and standard security libraries and controls
Jeff talks about “libraries with known vulnerabilities” and the role of open source components
Raf brings up the ugly side of enterprise outsourcing - code development by committee
We discuss static, dynamic and run-time security tools
Raf asks Jeff what the RIGHT approach to creating a software security program looks like
Jeff Williams (@PlanetLevel) - Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's SecurityWeek column: http://www.securityweek.com/authors/rafal-los