[Owasp-leaders] FW: [SC-L] Silver Bullet: McGovern interviews McGraw

Jim Manico jim.manico at aspectsecurity.com
Thu Mar 19 15:33:53 EDT 2009

> Gary's opinion on OWASP is fascinating...

What, that we (and all of FOSS) are communists (implying that we stifle
innovation?) I found Gary's OWASP comments to be insulting, demeaning
and radically off base. He seems to use his popularity to constantly
undermine our organization and core mission of providing free tools to
the appsec community. Some of his comments include, "OWASP emphasizes
web applications way too much (?).... just a bunch of consultants.... I
like to use OWASP as a distribution channel for Cigital.... "

I don't want to feed him overly much; but he is basically an OWASP Troll
in my eyes.

But James, your enterprise questions are great (oh yes I did save them
all) and I already started integrating them into OWASP interviews after
#12. I'm also very eager to get you on the series, I have a lot of open
slots for April! =)

- Jim

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of McGovern,
James F (HTSC, IT)
Sent: Thursday, March 19, 2009 9:50 AM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] FW: [SC-L] Silver Bullet: McGovern interviews

 Gary's opinion on OWASP is fascinating...

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw
Sent: Wednesday, March 18, 2009 5:27 PM
To: Secure Code Mailing List
Cc: James McGovern; Jenny Stout
Subject: [SC-L] Silver Bullet: McGovern interviews McGraw

hi sc-l,

For the third anniversary (!) edition of Silver Bullet, that is episode
36, we do something different. James McGovern, OWASP maven, and
Enterprise Architect for The Hartford Financial Services Group,
interviews me. You may recall that James responded to the OWASP podcast
posting here with a set of questions he would have asked. Well, that got
me thinking, and here you have it. James in charge.

We talk about many aspects of software security, including:

 *   BSIMM
 *   the UML cloud of utter nonsense
 *   outsourced/offshore software and security
 *   a geographic analysis of software security maturity
 *   the analysts (Gartner/Forrester)
 *   whether the IDE will take over source code analysis
 *   RATS and ITS4
 *   OWASP, SANS, education, and web app myopia
 *   Microsoft
 *   Metrics for software security
 *   why PCI is utterly useless


As always, your feedback on the podcast is welcome.

