Down The Security Rabbithole

In this episode Raf asks - Why haven’t we solved the same old software security bugs? James asks how a security team gets out of the way and still get better security? We discuss threat modeling, and channel a bit of John Steven Jeff talks about the OWASP ESAPI and standard security libraries and controls Jeff talks about “libraries with known vulnerabilities” and the role of open source components Raf brings up the ugly side of enterprise outsourcing - code development by committee We discuss static, dynamic and run-time security tools Raf asks Jeff what the RIGHT approach to creating a software program looks like   Guest Jeff Williams ( @PlanetLevel ) - Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP