Jeff Williams and I were able to sit down for a quick talk at the Gartner Security and Risk Management Summit. Jeff’s work with OWASP and his own company, Aspect Security, places him in a position to take a broad view of the application security market and where it’s headed. Our talk starts with trends in the industry and then moves into where most of the time and money is being spent. We end with a discussion of the immense scale of the problem we’re dealing with and how there might be a different way to approach it.

This was recorded in a cavernous room, so you’ll hear a little echo and ambient noise, but it’s worth a listen.

Listen to the Interview: Jeff Williams – The Future of Application Security

Interview Highlights

    • 00:05 Trends in the security industry
    • 03:16 Where is time and money being spent in security
    • 04:09 How can testing and dev be improved
    • 05:20 Is there real value in penetration testing
    • 07:45 The scale of the problem

About Jeff Williams
As a pioneer in the software development and security field, Jeff is one of the world’s foremost experts on application security and is frequently called upon as a subject matter expert by organizations and media. Jeff and his team at Aspect Security are founding members of the Open Web Application Security Project (OWASP), through which Jeff has made significant industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat. Jeff holds advanced degrees in Psychology, Computer Science & Human Factors, and graduated cum laude from Georgetown Law.

Jeff is a frequent flier, delivering his expertise to groups worldwide. When he isn’t researching, coding or spending time with his family, you can most likely find him on the basketball court. He is probably the world’s tallest AppSec expert, standing at 6’8; his teammates don’t call him “Big Franchise” for nothing! Jeff can be reached at: jeff.williams ‘at’ aspectsecurity.com