Comments on: Show 040 – An Interview with Bob Blakley http://www.cigital.com/silver-bullet/show-040/?utm_source=rss&utm_medium=rss&utm_campaign=show-040 Cigital CTO Gary McGraw discusses software security with security gurus. Mon, 31 Oct 2011 00:04:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Gregorio Anes http://www.cigital.com/silver-bullet/show-040/#comment-108 Gregorio Anes Thu, 10 Feb 2011 03:58:25 +0000 http://www.cigital.com/silverbullet/?p=51#comment-108 Great goods from you, man. I've bear in mind your stuff prior to and you are just extremely fantastic. I actually like what you've got here, really like what you're stating and the way wherein you assert it. You are making it entertaining and you still take care of to keep it wise. I cant wait to learn much more from you. That is really a wonderful website.- Elegant London Escorts, 65-67 Brewer Street, Floor: 2, London W1F 9UP. Phone: 020 3011 2941 Great goods from you, man. I’ve bear in mind your stuff prior to and you are just extremely fantastic. I actually like what you’ve got here, really like what you’re stating and the way wherein you assert it. You are making it entertaining and you still take care of to keep it wise. I cant wait to learn much more from you. That is really a wonderful website.- Elegant London Escorts, 65-67 Brewer Street, Floor: 2, London W1F 9UP. Phone: 020 3011 2941

]]> By: gem http://www.cigital.com/silver-bullet/show-040/#comment-107 gem Wed, 22 Jul 2009 15:06:38 +0000 http://www.cigital.com/silverbullet/?p=51#comment-107 death to smileys. sorry for the technical difficulties on this one. we're usually better and we will be again. gem death to smileys.

sorry for the technical difficulties on this one. we’re usually better and we will be again.

gem

]]> By: rmacmich http://www.cigital.com/silver-bullet/show-040/#comment-106 rmacmich Wed, 22 Jul 2009 15:03:47 +0000 http://www.cigital.com/silverbullet/?p=51#comment-106 Von -- This one was a particularly difficult one to level out due to a lot of background noise (and, therefore, the use of noise reduction) and level inconsistencies. Sorry it was a tough listen for you -- hopefully past and future episodes aren't so jarring. :) ... Ryan Von — This one was a particularly difficult one to level out due to a lot of background noise (and, therefore, the use of noise reduction) and level inconsistencies. Sorry it was a tough listen for you — hopefully past and future episodes aren’t so jarring. :)

… Ryan

]]> By: Von http://www.cigital.com/silver-bullet/show-040/#comment-105 Von Wed, 22 Jul 2009 14:57:39 +0000 http://www.cigital.com/silverbullet/?p=51#comment-105 Technical gripe on the podcast audio: I found the difference in volume between Gary and Bob so great that I was constantly having to adjust my volume in my car to understand Bob but not get blasted away by Gary. Don't mean to just complain though. Really enjoy the podcasts and the mix of technical and non-technical questions. Technical gripe on the podcast audio: I found the difference in volume between Gary and Bob so great that I was constantly having to adjust my volume in my car to understand Bob but not get blasted away by Gary.

Don’t mean to just complain though. Really enjoy the podcasts and the mix of technical and non-technical questions.

]]> By: Gunnar http://www.cigital.com/silver-bullet/show-040/#comment-104 Gunnar Fri, 17 Jul 2009 19:46:35 +0000 http://www.cigital.com/silverbullet/?p=51#comment-104 Great interview. Bob pointed out his main gripe with Java's security model which is how it treats fine grained authorization. It requires defining all of the policy up front, very difficult or impossible to do in real world. And it lacks layers of indirections that we can use to resolve when we don't know a priori the full subject + object + session policies (i.e. most of the time). Bob opines that XACML and Claims may help resolve this, and I agree (if nothing else it represents our best current hope), but they didn't drill down on this Bob or Gary - anything to add here? Great interview.

Bob pointed out his main gripe with Java’s security model which is how it treats fine grained authorization. It requires defining all of the policy up front, very difficult or impossible to do in real world. And it lacks layers of indirections that we can use to resolve when we don’t know a priori the full subject + object + session policies (i.e. most of the time). Bob opines that XACML and Claims may help resolve this, and I agree (if nothing else it represents our best current hope), but they didn’t drill down on this

Bob or Gary – anything to add here?

]]>