Difference between revisions of "Podcast 61"

From OWASP
Jump to: navigation, search
m (Questions)
m
Line 1: Line 1:
'''[[OWASP_Podcast|OWASP Podcast Series]] #57'''
+
'''[[OWASP_Podcast|OWASP Podcast Series]] #61'''
  
OWASP Interview with David Linthicum<br/>
+
OWASP Interview with Richard Bejtlich<br/>
 
Published February ?, 2010<br/>
 
Published February ?, 2010<br/>
  

Revision as of 19:53, 14 February 2010

OWASP Podcast Series #61

OWASP Interview with Richard Bejtlich
Published February ?, 2010

itunes.jpg Feed-icon-32x32.png

Participants

Questions

  1. Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days?
  2. What's the difference between focusing on threats vs focusing on vulnerabilities?
  3. What is your problem with the "protect the data" mindset?
  4. What do you mean by "building visibility in"?
  5. What is your take on the Aurora/Google hack?
  6. You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
  7. How important a role do you think secure coding and secure software development life-cycle play in defending the enterprise?
  8. Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
  9. Is seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
  10. Any thoughts on OWASP? Are we helping the cause?
  11. Where are we going to be as an industry in 10 years?
  12. You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high integrity database, identities or application servers - how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?