For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Cigital’s principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant) and Pravir Chandra (Principal Consultant). The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints. They also ponder how much the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent.

• Transcript of this episode [PDF]
• Justice League blog
• Threat Modeling - a blog entry by John Steven
• OWASP Top 10 for 2007
• OWASP
• The Shmoo Group

 

 Show 021 - A Panel Discussion with Cigital's Principals [23:35m]: Play Now | Play in Popup | Download

This entry was posted on Friday, December 21st, 2007 at 4:40 pm and is filed under Shows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.