
“We should never ever be so arrogant to think that we’re not a potential victim or our data has not been compromised or that there’s not some adversary out there that’s just as smart if not smarter than we are who won’t be able to compromise that data.” — Howard Schmidt

A quick post on software security. Gunnar Peterson, a Software Security Architect and CTO at Arctec Group, has posted some excellent advice on getting started with software security. His posting is titled, “Go Wide and Deep, Incrementally.” He bases his advice on an article titled “Software Security Strategies” by Gary McGraw. While I am tempted to quote Gunnar quoting Gary, I’ll leave it to you to follow the links. When Gary and Gunnar speak, it is smart to listen.

Speaking of smart things to do, check out Gary’s most recent podcast, “Show 021 – A Panel Discussion with Cigital’s Principals.” The Silver Bullet Security Podcast has become one of my favorite podcasts. In this episode, to quote from Cigital’s site, “The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints.” The Justice League’s members for this podcast consist of Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant), Pravir Chandra (Principal Consultant), and Gary McGraw (CTO). A very interesting discussion.

On a related topic, Jeremiah Grossman just pointed out in his blog that Fortify Software has announced the premiere of their new documentary, “The New Face of Cybercrime”. Check out the trailer:

I wish the film was not just premiering in San Francisco, New York, and London. Following each screening, there will be an expert panel discussion on cybercrime. Since Gary is in the film, and has good relationships with Fortify Software, I am hoping one of the post-screening discussions will make its way to the Silver Bullet Security Podcast.
