Silver Bullet
Show 068 – An Interview with John Steven
On the 68th episode of The Silver Bullet Security Podcast, Gary is joined in the studio by John Steven, internal CTO at Cigital. Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools. They close out the show discussing mixology.
- John Steven @ Justice League blog
- OWASP NoVA
- Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal), InformIT.
- Moving to Mobile – New Threats, Justice League blog.
- Threat Modeling – Vocabulary, Justice League blog.
- BSIMM
- “The Liberal”
- “The Old Fashioned”
- Silver Bullet: Elinor Mills
