Summary: The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam’s current work, and the main ideas behind Adam’s new book The New School of Information Security. They go on to chat about Adam’s aversion to the term “best practices,” the role IEEE Security & Privacy magazine plays in bringing the science of security to a practical level, and whether the biggest problem of the CardSystems breach was the following the letter, rather than the spirit, of PCI. Also on the agenda, duck-billed platypuses, Kandinski, and books by Pynchon. (Beginning with this episode, Silver Bullet will be available as a 192k MP3.) Transcript of this episode [PDF] Emergent Chaos blog The New School of Information Security Microsoft’s SDL Cigital’s Touchpoints IEEE Security & Privacy magazine Wassily Kandinsky The CardSystems breach (2005) Thomas Pynchon
