Show 027 – An Interview with Gunnar Peterson

by rmacmich on Wednesday, June 18, 2008

Gunnar Peterson

On the 27th episode of The Silver Bullet Security Podcast, Gary interviews software security expert Gunnar Peterson, a Managing Principal at Arctec Group. Gary and Gunnar begin with the age-old question, “What is security?” They go on to discuss how Web 2.0 and SOA security are progressing, the big idea behind “federated identity,” whether all market verticals can follow the software security lead of the financial services industry, and the inherent badness of the color purple.

  • http://1raindrop.typepad.com Gunnar

    Hi Gary,

    Two more thoughts to keep in mind, both from David Gelernter
    http://www.edge.org/documents/archive/edge70.html

    First, in terms of where SOA and Web 2.0 are leading:

    “If a million people use a Web site simultaneously, doesn’t that mean that we must have a heavy-duty remote server to keep them all happy? No; we could move the site onto a million desktops and use the internet for coordination. The “site” is like a military unit in the field, the general moving with his troops (or like a hockey team in constant swarming motion). (We used essentially this technique to build the first tuple space implementations. They seemed to depend on a shared server, but the server was an illusion; there was no server, just a swarm of clients.) Could Amazon.com be an itinerant horde instead of a fixed Central Command Post? Yes.”

    Next, further amplification of the matrix problem you stated:

    “If you have three pet dogs, give them names. If you have 10,000 head of cattle, don’t bother. Nowadays the idea of giving a name to every file on your computer is ridiculous.”

  • Stephen Craig Evans

    A great catch Gary (fishing pun intended) and Gunnar your blog is in my Top 5 list; nary a second was wasted…
    What struck me immediately after the podcast (and maybe I should think about this more before possibly making a fool out of myself):
    If we are doing such a bad job and spending so much effort on Web 1.0 prevention mechanisms and techniques, and Web 2.0 is here with Web 3.0 on its way, why don’t we just say “screw it”, throw all the Web 1.0 security stuff out the window, and focus all of our efforts at the data level, meaning architect and implement ALL of our applications using WS-*, SAML, SOA, Federated Identity, etc.?