Podcast 11

OWASP Podcast Series #11

OWASP Interview with MITRE Recorded February 23th, 2009

http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg https://www.owasp.org/images/d/d3/Feed-icon-32x32.png mp3

http://cwe.mitre.org/top25/

Participants
 Steve Christey is a Principal Information Security Engineer in the Security and Information Operations Division at The MITRE Corporation. Since 1999, he has been the Editor of the Common Vulnerabilities and Exposures (CVE) list and the Chair of the CVE Editorial Board. He is the technical lead of the Common Weakness Enumeration (CWE) project. He was the technical editor of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors list and an active contributor to other efforts including the SANS Secure Programming exams, NIST's Static Analysis Tool Exposition (SATE), and the Common Vulnerability Scoring System (CVSS). His current interests include secure software development and testing, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research. Past work, which dates back to 1993, includes co-authoring the "Responsible Vulnerability Disclosure Process" draft with Chris Wysopal in 2002, reverse engineering of malicious code, automated vulnerability analysis of source code, and vulnerability scanning and incident response. He holds a B.S. in Computer Science from Hobart College. Bob Martin, CSSLP, is a Principal Engineer at MITRE, a company that works in partnership with the government to address issues of critical national importance. For the past 17 years, Bob's efforts focused on the interplay of risk management, cyber security, and quality assessment. The majority of this time has been spent working on the CVE, OVAL, CAPEC and CWE security standards initiatives in addition to basic quality measurement and management of software projects. Bob is the project leader of the Common Weakness Enumeration (CWE) effort and the project manager for the CWE/SANS Top 25 Most Dangerous Programming Errors. Bob is a frequent speaker on the various security and quality issues surrounding information technology systems and has published numerous papers on these topics. Bob joined MITRE in 1981 with a BS and MS in Electrical Engineering from RPI, later he earned an MBA from Babson College. He is a member of the ACM, AFCEA, IEEE, and the IEEE Computer Society. 