Down The Security Rabbithole

Synopsis Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security.  Earlier in the day I had given a workshop on software security testing (of the web variety) to a ViViT user group, and with that topic and their questions/concerns fresh in my mind I settled down for a 30 minute conversation with Kevin and Kenneth ... we essentially continued the conversation from Episode 3 (please give that a listen if you haven't yet to get a background). Some of the questions we tackled included "Which team within the software development or security organization is best positioned to test the security of applications?", and "Can Information Security ever really thoroughly test an application without the full context?" ...and much more. Give this episode a listen! Guests Kevin Riggins - @kriggins - Kevin is a veteran of the Information Security community with many years experience in vast I