Archive for June, 2008

Search Security video

Monday, June 9th, 2008

At RSA this year, I did a quick video interview with Dennis Fisher, an old friend who is now the lead editor of Search Security. The resulting video is here.

Here are the questions I answered during the interview (along with some bonus pointers that I’ll include in this posting). As you can see, we mostly talked about software security:

  • Let’s talk about where things stand with the state of software security in the industry today. Are you optimistic?
  • I’ve heard a lot of people say that solving the software security problem is going to cost a lot of time and money in the development process. Is that true?

    See this informIT article.

  • I know there’s a lot of training that goes on in the professional world in terms of software security for developers, but is that happening more in colleges and universities right now compared to five years ago?

    See this IT Architect article.

  • What about the commercial software vendors? How much progress are they making on this problem?
  • Are there one or two problems that really worry you in software security right now?

    See this IEEE S&P article.

If you like this video, please let the Search Security people know so they feel compelled to do more.

13 reasons for UML’s descent into darkness

Monday, June 2nd, 2008

My buddy Jim Menard sent me this link when we were talking about comments Don Rippert made about the futility of MDA.

Don Rippert’s comments were (in summary) that by the time you got to any level of specificity in the model, the complexity of the models made them harder to follow than code.

I’ve been using Enterprise Architect to reverse engineer code by loading the code into EA and looking at the generated UML. I’ve given up and gone back to emacs.



You are currently browsing the Justice League weblog archives for June, 2008.
