Difference between revisions of "Podcast 11"

m (New page: '''OWASP Podcast Series #11''' OWASP Interview with MITRE<br/> Recorded February 5th, 2009 [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 ...)
 
m
 
(5 intermediate revisions by one user not shown)
Line 2: Line 2:
  
 
OWASP Interview with MITRE<br/>
 
OWASP Interview with MITRE<br/>
Recorded February 5th, 2009
+
Recorded February 23th, 2009
  
  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!-- [http://www.owasp.org/download/jmanico/owasp_podcast_10.mp3 mp3] -->
+
  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_11.mp3 mp3]
 +
 
 +
[http://cwe.mitre.org/top25/ http://cwe.mitre.org/top25/]
  
 
==Participants==
 
==Participants==
 
<ul>
 
<ul>
<li>Ken is a CERT® Certified Computer Security Incident Handler, as well as an internationally recognized information security expert and author of the popular O'Reilly and Associates books, Incident Response and Secure Coding: Principles and Practices, as well as a monthly columnist for eSecurityPlanet. Among his numerous professional roles, Ken is a Visiting Scientist at the Software Engineering Institute at Carnegie Mellon University, where he is a course instructor and consultant to the CERT® Coordination Center.
+
<li><b>Steve Christey</b> is a Principal Information Security Engineer in the
 +
Security and Information Operations Division at The MITRE Corporation.
 +
Since 1999, he has been the Editor of the Common Vulnerabilities and
 +
Exposures (CVE) list and the Chair of the CVE Editorial Board.  He is
 +
the technical lead of the Common Weakness Enumeration (CWE) project.
 +
He was the technical editor of the 2009 CWE/SANS Top 25 Most Dangerous
 +
Programming Errors list and an active contributor to other efforts
 +
including the SANS Secure Programming exams, NIST's Static Analysis
 +
Tool Exposition (SATE), and the Common Vulnerability Scoring System
 +
(CVSS).  His current interests include secure software development and
 +
testing, the theoretical underpinnings of vulnerabilities, making
 +
software security accessible to the general public, vulnerability
 +
information management including post-disclosure analysis, and
 +
vulnerability research.  Past work, which dates back to 1993, includes
 +
co-authoring the "Responsible Vulnerability Disclosure Process" draft
 +
with Chris Wysopal in 2002, reverse engineering of malicious code,
 +
automated vulnerability analysis of source code, and vulnerability
 +
scanning and incident response.  He holds a B.S. in Computer Science
 +
from Hobart College.</li>
 +
<li><b>Bob Martin</b>, CSSLP, is a Principal Engineer at MITRE, a company that works in
 +
partnership with the government to address issues of critical national
 +
importance. For the past 17 years, Bob's efforts focused on the
 +
interplay of risk management, cyber security, and quality assessment.
 +
The majority of this time has been spent working on the CVE, OVAL, CAPEC
 +
and CWE security standards initiatives in addition to basic quality
 +
measurement and management of software projects. Bob is the project
 +
leader of the Common Weakness Enumeration (CWE) effort and the project
 +
manager for the CWE/SANS Top 25 Most Dangerous Programming Errors. Bob is
 +
a frequent speaker on the various security and quality issues
 +
surrounding information technology systems and has published numerous
 +
papers on these topics. Bob joined MITRE in 1981 with a BS and MS in
 +
Electrical Engineering from RPI, later he earned an MBA from Babson
 +
College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer
 +
Society.</li>
 
</ul>
 
</ul>
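
Review bot: the added date line "Recorded February 23th, 2009" uses the wrong ordinal suffix and should read "February 23rd, 2009". In the same hunk, the new link `[http://cwe.mitre.org/top25/ http://cwe.mitre.org/top25/]` repeats the URL as its label; a descriptive label such as the list's name would tell readers what the link is before they follow it.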

Latest revision as of 20:08, 3 March 2009

OWASP Podcast Series #11

OWASP Interview with MITRE
Recorded February 23rd, 2009

http://cwe.mitre.org/top25/

Participants

  • Steve Christey is a Principal Information Security Engineer in the Security and Information Operations Division at The MITRE Corporation. Since 1999, he has been the Editor of the Common Vulnerabilities and Exposures (CVE) list and the Chair of the CVE Editorial Board. He is the technical lead of the Common Weakness Enumeration (CWE) project. He was the technical editor of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors list and an active contributor to other efforts including the SANS Secure Programming exams, NIST's Static Analysis Tool Exposition (SATE), and the Common Vulnerability Scoring System (CVSS). His current interests include secure software development and testing, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research. Past work, which dates back to 1993, includes co-authoring the "Responsible Vulnerability Disclosure Process" draft with Chris Wysopal in 2002, reverse engineering of malicious code, automated vulnerability analysis of source code, and vulnerability scanning and incident response. He holds a B.S. in Computer Science from Hobart College.
  • Bob Martin, CSSLP, is a Principal Engineer at MITRE, a company that works in partnership with the government to address issues of critical national importance. For the past 17 years, Bob's efforts have focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on the CVE, OVAL, CAPEC and CWE security standards initiatives in addition to basic quality measurement and management of software projects. Bob is the project leader of the Common Weakness Enumeration (CWE) effort and the project manager for the CWE/SANS Top 25 Most Dangerous Programming Errors. Bob is a frequent speaker on the various security and quality issues surrounding information technology systems and has published numerous papers on these topics. Bob joined MITRE in 1981 with a BS and MS in Electrical Engineering from RPI; later he earned an MBA from Babson College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer Society.