Aug 10, 2016
In this episode we chat with Steve Christey Coley, currently the Principal Information Security Engineer at MITRE Corp. We talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, cover the various issues with disclosure, and even delve into some ethics issues.
This episode is packed with content that you will likely want to talk to us about. So here's how to find us:
Steve on Twitter: @SushiDude
Hashtag for the show: #DtSR
Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826):
Editor / Technical Lead for the Common Vulnerabilities and
Exposures (CVE) project; Technical Lead for the Common Weakness
Enumeration (CWE); co-author of the "Responsible Vulnerability
Disclosure Process" IETF draft with Chris Wysopal in 2002;
participant in Common Vulnerability Scoring System (CVSS) and
NIST's Static Analysis Tool Exposition (SATE). My primary interests
include secure software development and testing, understanding the
strengths and limitations of automated code analysis tools, the
theoretical underpinnings of vulnerabilities, making software
security accessible to the general public, vulnerability
information management including post-disclosure analysis, and
vulnerability research.
Specialties: Vulnerability research, vulnerability management,
software security.