Difference between revisions of "Podcast 5"

From OWASP
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #5'''
 
'''[[OWASP_Podcast|OWASP Podcast Series]] #5'''
 
+
<br/>Interview with Gary McGraw<br/>
 
Recorded January 15, 2009
 
Recorded January 15, 2009
  - [http://www.owasp.org/download/jmanico/owasp_podcast_5.mp3 Listen Now owasp_podcast_5.mp3]
+
  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_5.mp3 direct download]
 
+
[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]
+
  
 
==Participants==
 
==Participants==
Line 14: Line 12:
 
  - What is static analysis good for and what is it no good for?
 
  - What is static analysis good for and what is it no good for?
 
  - What is the exact relationship between Cigital and Fortify?
 
  - What is the exact relationship between Cigital and Fortify?
  - Why do you think your “top 19” is any better than the OWASP top 10 or the CWE top 25? (Special note, the 19 Sins work is Mike Howard’s and John Viega’s…I was not involved.)
+
  - Why do you think your “top 19” is any better than the OWASP top 10 or the CWE top 25?  
 
  - Why does Cigital have a proprietary approach to IP?
 
  - Why does Cigital have a proprietary approach to IP?
 
  - What makes the Touchpoints any better than the SDL or CLASP?
 
  - What makes the Touchpoints any better than the SDL or CLASP?
 
  - What is your relationship with Allan Paller and SANS?
 
  - What is your relationship with Allan Paller and SANS?
  - Who picked the “porn music” theme for Silver Bullet?
+
  - And more!
 
+
  
 
==Intro Music by Rhine Singleton and Gary McGraw==
 
==Intro Music by Rhine Singleton and Gary McGraw==

Latest revision as of 20:31, 30 January 2009

OWASP Podcast Series #5
Interview with Gary McGraw
Recorded January 15, 2009

Participants

- Gary McGraw is the CTO of Cigital.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.

Interview with Gary McGraw

- Why do you insist on use of the term “software security” as opposed to “application security”?
- What is static analysis good for and what is it no good for?
- What is the exact relationship between Cigital and Fortify?
- Why do you think your “top 19” is any better than the OWASP top 10 or the CWE top 25? 
- Why does Cigital have a proprietary approach to IP?
- What makes the Touchpoints any better than the SDL or CLASP?
- What is your relationship with Allan Paller and SANS?
- And more!

Intro Music by Rhine Singleton and Gary McGraw

- Song "To You Right Now" from the album 100 Feet Above the Ground
- Guitar and vocals: Rhine Singleton
- Mandolin, fiddle, and vocals: Gary McGraw 
- Produced by Gary McGraw