Raf asks - Why haven’t we solved the same old software security
James asks how a security team gets out of the way and still gets better security
We discuss threat modeling, and channel a bit of John
Jeff talks about the OWASP ESAPI and standard security libraries and controls
Jeff talks about “libraries with known vulnerabilities” and the role of open source components
Raf brings up the ugly side of enterprise outsourcing - code development by committee
We discuss static, dynamic and run-time security tools
Raf asks Jeff what the RIGHT approach to creating a software program looks like

Jeff Williams (@PlanetLevel) - Jeff brings more than 20 years
of security leadership experience as co-founder and Chief
Technology Officer of Contrast. In 2002, Jeff co-founded and became
CEO of Aspect Security, a successful and innovative consulting
company focused on application security. Jeff is also a founder and
major contributor to OWASP, where he served as the Chair of the
OWASP Board for 8 years and created the OWASP Top 10, OWASP
Enterprise Security API, OWASP Application Security Verification
Standard, XSS Prevention Cheat Sheet, and many other widely adopted
free and open projects. Jeff has a BA from Virginia, an MA from
George Mason, and a JD from Georgetown.
Take a step outside the echo chamber - gain some perspective and context.
Welcome to one of the longest-running cybersecurity focused podcasts in existence. Here we talk real problems, real solutions, and make real big fun of ridiculous things. This show is part ideation, part "get off my lawn", and always a chuckle.