Episode 49 – Do We Need to Regulate Software Development?
Amrit Williams, BigFix CTO, continues his conversation with Adam Shostack, Emergent Chaos leader of the band, about the tradeoffs of emphasizing security versus user experience in software development. Amrit asks why security shouldn't be built into software rather than treated as an add-on, and, if society agreed that it should be, whether software product development and release should be subject to external regulation. Both speakers concede that compliance efforts such as PCI and Sarbanes-Oxley have not had a magic effect on software security. Shostack posits an alternative approach to software development: adding economists, sociologists and anthropologists to development projects to better understand user behaviors and insulate software from them.
