Show 068 – An Interview with John Steven




Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: On the 68th episode of The Silver Bullet Security Podcast, Gary is joined in the studio by John Steven, internal CTO at Cigital. Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools. They close out the show discussing mixology.

John Steven Articles; OWASP NoVA; Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal), InformIT; BSIMM; “The Liberal”; “The Old Fashioned”; Silver Bullet: Elinor Mills

The post Show 068 – An Interview with John Steven appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.