David A. Wheeler on the Current State of Application Security

Update: 2014-06-10
Description

"Typically, people divide the (software) world into cost, schedule, functionality, quality. In my experience, almost everyone when they talk 'quality', are excluding security." -- David Wheeler

David Wheeler is a project leader at the Institute for Defense Analyses. He also teaches a graduate class on software security at George Mason University. David has a unique view of security's role as part of the software development life cycle.

In this wide-ranging discussion, we talk about the current state of security, how people are trained (or not trained) to handle security as part of the development process, and what the future looks like for the security industry.

"We've already moved to a mostly componentized world. We now have to understand that we have to update the components as we go along. We need to put tools in the customer's hands so they can quickly identify, 'Wow! You're using a library with 300 known vulnerabilities. I'm not going to use your system until you get your act together.'" -- David Wheeler

About David A. Wheeler
My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.

http://www.dwheeler.com/

Mark Miller, Trusted Software Alliance