Archive for September, 2009

Episode 53 – Web Applications Need Security, Too–Part 1

Tuesday, September 29th, 2009

Amrit Williams, BigFix CTO, speaks with Doug Wilson, co-chair of the Open Web Application Security Project (OWASP) Washington DC chapter, and Michael Smith, the Guerilla CISO, on community efforts to improve the security of web-based applications.

Episode 52 – Information Security and the Application Stack–Part 3

Friday, September 25th, 2009

Amrit Williams, BigFix CTO, concludes his conversation with Brad Arkin, Adobe Systems director of security and privacy, this time focusing on Adobe’s processes to build in security during the product development cycle.

Episode 51 – Information Security and the Application Stack–Part 2

Tuesday, September 22nd, 2009

Amrit Williams, BigFix CTO, continues his conversation with Brad Arkin, Adobe Systems director of security and privacy, focusing on post-release patch and update processes.

Episode 50 – Information Security and the Application Stack–Part 1

Friday, September 18th, 2009

Amrit Williams, BigFix CTO, talks to Brad Arkin, Adobe Systems director of security and privacy, about Adobe’s programs to improve the security properties of its widely used software products, both during development and after release to the field.

Episode 49 – Do We Need to Regulate Software Development?

Tuesday, September 15th, 2009

Amrit Williams, BigFix CTO, continues his conversation with Adam Shostack, Emergent Chaos leader of the band, about the tradeoffs of emphasizing security versus user experience in software development. Amrit asks: why shouldn’t security be built into software instead of being treated as an add-on? And if society agreed that it should be, should software product development and release be subject to external regulation? Both speakers concede that compliance efforts such as PCI and Sarbanes-Oxley have not had a magic effect on software security. Shostack posits an alternative approach to software development: adding economists, sociologists and anthropologists to development projects to better understand user behaviors and insulate software from them.

Episode 48 – Overcoming the IT Security Crisis

Friday, September 11th, 2009

Amrit Williams, BigFix CTO, begins a three-part conversation with Adam Shostack, bandleader of the Emergent Chaos blog site and author, most recently, of “The New School of Information Security,” co-written with Andrew Stewart. Shostack believes that the current information security crisis results from viewing the problem as a technical one disconnected from social and economic contexts. Here, Shostack cites the work of economist George Akerlof in analyzing the choices of economic actors in markets characterized by incomplete information, a situation often faced by buyers of software products trying to determine how vulnerable a product is to security attacks.

Episode 47 – The IT Security Industry Winter

Tuesday, September 8th, 2009

Amrit Williams, BigFix CTO, talks with Peter Kuper, former analyst at Morgan Stanley and SC Gowen, now associated with the IANS organization, on the impact of the recession on the security industry. IT security spending is down, and with it, investments in security start-ups and innovation initiatives. Kuper believes that good new technologies and well-managed companies can still attract investors and customers. Furthermore, the industry supports a tier of robust, established private IT security companies that are weathering and even prospering in current conditions. While the short term remains challenging, Kuper believes that good technologies and companies can still get a foothold in the current economic environment.

Episode 46 – Coping With the Malware Explosion

Friday, September 4th, 2009

Amrit Williams, BigFix CTO, continues his conversation with Al Huger, founder of Immunet, focusing on how the explosion in the types of malware has completely overwhelmed conventional anti-virus technologies and how Immunet is developing community-based solutions to the malware problem. Huger says that every month, 2 million new strains of malware appear on the Internet, swamping conventional signature-based malware products. Furthermore, the nature of malware has changed from loud, obvious pranks to stealthy attacks that require only a few seconds to steal desirable data and then disappear or lie dormant. Immunet works by identifying malicious files and preventing their download onto protected PCs, a sharp contrast to current-generation products that fight malware only after it has put down roots in an infected machine.

Episode 45 – Clouds, Communities and New Models for Anti-Virus

Tuesday, September 1st, 2009

Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, on Huger’s latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it. Immunet proposes a community-based cloud approach, where communities of similarly employed computers (for example, an enterprise office-worker community, or an 18-25 year old social media junkie community) share information in a cloud and take measures to stop aberrant behaviors. Although Huger says his company focuses initially on consumer markets, Amrit believes that enterprises might also take to this approach.
