Difference between revisions of "Podcast 5"

From OWASP
Revision as of 18:00, 26 January 2009

OWASP Podcast Series #5

Recorded January 15, 2009

- Listen Now owasp_podcast_5.mp3


Participants

- Gary McGraw is the CTO of Cigital.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.

Interview with Gary McGraw

- Why do you insist on use of the term “software security” as opposed to “application security”?
- What is static analysis good for and what is it no good for?
- What is the exact relationship between Cigital and Fortify?
- Why do you think your “top 19” is any better than the OWASP top 10 or the CWE top 25? 
- Why does Cigital have a proprietary approach to IP?
- What makes the Touchpoints any better than the SDL or CLASP?
- What is your relationship with Allan Paller and SANS?
- Who picked the “porn music” theme for Silver Bullet?
Intro Music by Rhine Singleton and Gary McGraw

- Song "To You Right Now" from the album 100 Feet Above the Ground
- Guitar and vocals: Rhine Singleton
- Mandolin, fiddle, and vocals: Gary McGraw 
- Produced by Gary McGraw