Difference between revisions of "Podcast 11"

From OWASP
Jump to: navigation, search
m
m
Line 29: Line 29:
 
scanning and incident response.  He holds a B.S. in Computer Science
 
scanning and incident response.  He holds a B.S. in Computer Science
 
from Hobart College.</li>
 
from Hobart College.</li>
<li><b>Bob Martin</b> is a Principal Engineer at MITRE, a company that works in  
+
<li><b>Bob Martin</b>, CSSLP, is a Principal Engineer at MITRE, a company that works in  
 
partnership with the government to address issues of critical national  
 
partnership with the government to address issues of critical national  
 
importance. For the past 17 years, Bob's efforts focused on the  
 
importance. For the past 17 years, Bob's efforts focused on the  
Line 37: Line 37:
 
measurement and management of software projects. Bob is the project  
 
measurement and management of software projects. Bob is the project  
 
leader of the Common Weakness Enumeration (CWE) effort and the project  
 
leader of the Common Weakness Enumeration (CWE) effort and the project  
manager for the CWE/SANS Top 25 Most Dangerous Programming Errors.</li>
+
manager for the CWE/SANS Top 25 Most Dangerous Programming Errors. Bob is
 +
a frequent speaker on the various security and quality issues
 +
surrounding information technology systems and has published numerous
 +
papers on these topics. Bob joined MITRE in 1981 with a BS and MS in
 +
Electrical Engineering from RPI, later he earned an MBA from Babson
 +
College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer
 +
Society.</li>
 
</ul>
 
</ul>

Revision as of 00:35, 1 March 2009

OWASP Podcast Series #11

OWASP Interview with MITRE
Recorded February 23th, 2009

overview-icon-itunes20081106.jpg Feed-icon-32x32.png 

http://cwe.mitre.org/top25/

Participants

  • Steve Christey is a Principal Information Security Engineer in the Security and Information Operations Division at The MITRE Corporation. Since 1999, he has been the Editor of the Common Vulnerabilities and Exposures (CVE) list and the Chair of the CVE Editorial Board. He is the technical lead of the Common Weakness Enumeration (CWE) project. He was the technical editor of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors list and an active contributor to other efforts including the SANS Secure Programming exams, NIST's Static Analysis Tool Exposition (SATE), and the Common Vulnerability Scoring System (CVSS). His current interests include secure software development and testing, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research. Past work, which dates back to 1993, includes co-authoring the "Responsible Vulnerability Disclosure Process" draft with Chris Wysopal in 2002, reverse engineering of malicious code, automated vulnerability analysis of source code, and vulnerability scanning and incident response. He holds a B.S. in Computer Science from Hobart College.
  • Bob Martin, CSSLP, is a Principal Engineer at MITRE, a company that works in partnership with the government to address issues of critical national importance. For the past 17 years, Bob's efforts focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on the CVE, OVAL, CAPEC and CWE security standards initiatives in addition to basic quality measurement and management of software projects. Bob is the project leader of the Common Weakness Enumeration (CWE) effort and the project manager for the CWE/SANS Top 25 Most Dangerous Programming Errors. Bob is a frequent speaker on the various security and quality issues surrounding information technology systems and has published numerous papers on these topics. Bob joined MITRE in 1981 with a BS and MS in Electrical Engineering from RPI, later he earned an MBA from Babson College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer Society.