Software Security: Industry Influencers / David A. Wheeler on the Current State of Application Security

Description

"Typically, people divide the (software) world into cost, schedule, functionality, quality. In my experience, almost everyone when they talk 'quality', are excluding security." -- David Wheeler

David Wheeler is a project leader at the Institute for Defense Analyses. He also teaches a graduate class on software security at George Mason University. David has a unique view of security's role as part of the software development life cycle. In this wide-ranging discussion, we talk about the current state of security, how people are trained (or not trained) to handle security as part of the development process, and what the future looks like for the security industry.

"We've already moved to a mostly componentized world. We now have to understand that we have to update the components as we go along. We need to put tools in the customer's hands so they can quickly identify, 'Wow! You're using a library with 300 known vulnerabilities. I'm not going to use your system until you get your act together.'" -- David Wheeler

About David A. Wheeler

My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX. http://www.dwheeler.com/


Subtitle
"Typically, people divide the (software) world in…
Duration
00:18:09
Publishing date
2014-06-10 14:05
Link
https://soundcloud.com/trustedsoftwarealliance/david-wheeler-on-the-current-state-of-application-security
Contributors
  Mark Miller, Trusted Software Alliance (author)
Enclosures
http://feeds.soundcloud.com/stream/153709281-trustedsoftwarealliance-david-wheeler-on-the-current-state-of-application-security.mp3
audio/mpeg