hi sc-l,

At RSA this year, I did a quick video interview with Dennis Fisher, an old friend who is now the lead editor of Search Security. The resulting video is here:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1316612,00.html

Here are the questions I answered during the interview (along with some bonus pointers that I'll include in this posting). As you can see, we mostly talked about software security.

* Let's talk about where things stand with the state of software security in the industry today. Are you optimistic?

* I've heard a lot of people say that solving the software security problem is going to cost a lot of time and money in the development process. Is that true?
  See this informIT article: http://www.informit.com/articles/article.aspx?p=1189519

* I know there's a lot of training that goes on in the professional world in terms of software security for developers, but is that happening more in colleges and universities right now compared to five years ago?
  See this IT Architect article: http://www.cigital.com/papers/download/0602sec.training.pdf

* What about the commercial software vendors? How much progress are they making on this problem?

* Are there one or two problems that really worry you in software security right now?
  See this IEEE S&P article: http://www.cigital.com/papers/download/attack-trends-EOG.pdf

If you like this video, please let the Search Security people know so they feel compelled to do more.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleage
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________