“Security defects come in two flavors: bugs in the implementation and flaws in the design. We’re paying quite a bit of attention to bugs and not enough attention for flaws.” — Gary McGraw
Gary McGraw thinks in broad strokes. In our “50 in 50 Interview Series” discussion, Gary goes beyond our talk of component-based vulnerabilities and leads the discussion to the problems inherent in building complex applications. From there, we talk about his latest initiatives: architectural risk analysis and how to measure your software initiatives.
We begin the discussion with DevOps, where Gary introduces the idea of “moving left”: pushing application security closer and closer to the beginning of the application development life cycle, making it an integral part of the process from the start, not an add-on process of checkpoints at the end of the cycle or the sole responsibility of operations.
Listen to the Interview: Gary McGraw – Security and the Complexity of Today’s Software