In this episode

• Raf asks - Why haven’t we solved the same old software security bugs?
• James asks how a security team gets out of the way and still get better security?
• We discuss threat modeling, and channel a bit of John Steven
• Jeff talks about the OWASP ESAPI and standard security libraries and controls
• Jeff talks about “libraries with known vulnerabilities” and the role of open source components
• Raf brings up the ugly side of enterprise outsourcing - code development by committee
• We discuss static, dynamic and run-time security tools
• Raf asks Jeff what the RIGHT approach to creating a software program looks like

Guest

• Jeff Williams ( @PlanetLevel ) - Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast