Revision as of 16:51, 28 February 2009 by Jmanico
OWASP Interview with MITRE
Recorded February 23th, 2009
- Steve Christey is a Principal Information Security Engineer in the Security and Information Operations Division at The MITRE Corporation. Since 1999, he has been the Editor of the Common Vulnerabilities and Exposures (CVE) list and the Chair of the CVE Editorial Board. He is the technical lead of the Common Weakness Enumeration (CWE) project. He was the technical editor of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors list and an active contributor to other efforts including the SANS Secure Programming exams, NIST's Static Analysis Tool Exposition (SATE), and the Common Vulnerability Scoring System (CVSS). His current interests include secure software development and testing, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research. Past work, which dates back to 1993, includes co-authoring the "Responsible Vulnerability Disclosure Process" draft with Chris Wysopal in 2002, reverse engineering of malicious code, automated vulnerability analysis of source code, and vulnerability scanning and incident response. He holds a B.S. in Computer Science from Hobart College.
- Bob Martin is a Principal Engineer at MITRE, a company that works in partnership with the government to address issues of critical national importance. For the past 17 years, Bob's efforts focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on the CVE, OVAL, CAPEC and CWE security standards initiatives in addition to basic quality measurement and management of software projects. Bob is the project leader of the Common Weakness Enumeration (CWE) effort and the project manager for the CWE/SANS Top 25 Most Dangerous Programming Errors.