Search Security video

[gem at cigital.com (Gary McGraw)]

hi sc-l,

At RSA this year, I did a quick video interview with Dennis Fisher an old friend who is now the lead editor of Search 
Security.  The resulting video is here:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1316612,00.html

Here are the questions I answered during the interview (along with some bonus pointers that I'll include in this 
posting).  As you can see, we mostly talked about software security

* Let's talk about where things stand with the state of software security in the industry today. Are you optimistic?

* I've heard a lot of people say that solving the software security problem is going to cost a lot of time and money in 
the development process. Is that true?

See this informIT article: http://www.informit.com/articles/article.aspx?p=1189519

* I know there's a lot of training that goes on in the professional world in terms of software security for developers, 
but is that happening more in colleges and universities right now compared to five years ago?

See this IT Architect article: http://www.cigital.com/papers/download/0602sec.training.pdf

* What about the commercial software vendors. How much progress are they making on this problem?

* Are there one or two problems that really worry you in software security right now?

See this IEEE S&P article: http://www.cigital.com/papers/download/attack-trends-EOG.pdf

If you like this video, please let the Search Security people know so they feel compelled to do more.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleage
book www.swsec.com