Summary: The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam’s current work, and the main ideas behind Adam’s new book The New School of Information Security. They go on to chat about Adam’s aversion to the term “best practices,” the role IEEE Security & Privacy magazine plays in bringing the science of security to a practical level, and whether the biggest problem of the CardSystems breach was following the letter, rather than the spirit, of PCI. Also on the agenda, duck-billed platypuses, Kandinski, and books by Pynchon. (Beginning with this episode, Silver Bullet will be available as a 192k MP3.) Emergent Chaos blog The New School of Information Security Microsoft’s SDL Wassily Kandinsky The CardSystems breach (2005) Thomas Pynchon The post Show 026 – An Interview with Adam Shostack appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw. The post Show 026 – An Interview with Adam Shostack appeared first on Cigital » The Silver Bullet Security Podcast with Gary McGraw.
