“Typically, people divide the (software) world into cost, schedule, functionality, quality. In my experience, almost everyone when they talk ‘quality’, are excluding security.” — David A. Wheeler

“We’ve already moved to a mostly componentized world. We now have to understand that we have to update the components as we go along. We need to put tools in the customer’s hands so they can quickly identify, ‘Wow! You’re using a library with 300 known vulnerabilities. I’m not going to use your system until you get your act together.’” — David A. Wheeler

David Wheeler is a project leader at the Institute for Defense Analyses. He also teaches a graduate class on software security at George Mason University. David has a unique view of security’s role as part of the software development life cycle.

In this wide-ranging discussion, we talk about the current state of security, how people are trained (or not trained) to handle security as part of the development process, and what the future looks like for the security industry.

About David A. Wheeler

My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.