Creating Code Security Through Better Visibility – Christien Rioux – ASW #273
We've been scanning code for decades. Sometimes scanning works well: it finds meaningful flaws to fix. Sometimes it distracts us with false positives, and sometimes it buries us in more issues than we can act on. We talk about finding a scanning strategy that works well, and what "works well" should even mean.
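As an added illustration of the "works well" question (example code written for this page, not from the episode or its guest), one common strategy is to split scanner output into three streams: findings that block the build (new, above a severity threshold, in code that actually changed), findings that are deferred as known debt or low severity, and findings a reviewer has accepted as false positives with a written justification. The fingerprint scheme, the SARIF-like `Finding` shape and the sample scans below are assumptions constructed for the example; real scanners expose their own stable identifiers.

```python
"""Triage of static-analysis findings: baseline ratchet plus suppressions.

Added example, not from the episode. Findings use a constructed, minimal
SARIF-like shape; the fingerprint scheme is an assumption for illustration.
"""
import hashlib
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int
    severity: str
    snippet: str

    def fingerprint(self) -> str:
        # Hash rule, file and whitespace-normalised code, not the line number,
        # so a pre-existing finding is still recognised after unrelated edits
        # move it. (Assumed scheme for the example.)
        code = " ".join(self.snippet.split())
        raw = f"{self.rule_id}|{self.path}|{code}".encode()
        return hashlib.sha256(raw).hexdigest()[:16]


def triage(findings, baseline, suppressions, min_severity="high", changed_files=None):
    """Split one scan into (blocking, deferred, suppressed) lists.

    baseline      : fingerprints from the last accepted scan (known debt)
    suppressions  : {fingerprint: justification} for reviewed false positives
    min_severity  : lowest severity that is allowed to block a build
    changed_files : if given, only findings in these paths may block
    """
    threshold = SEVERITY_RANK[min_severity]
    seen = set()
    blocking, deferred, suppressed = [], [], []
    for f in findings:
        fp = f.fingerprint()
        if fp in seen:  # same rule, file and code reported twice: count it once
            continue
        seen.add(fp)
        if fp in suppressions:
            suppressed.append(f)
        elif fp in baseline:
            deferred.append(f)  # pre-existing: track it, do not fail the build
        elif SEVERITY_RANK.get(f.severity, 0) < threshold:
            deferred.append(f)
        elif changed_files is not None and f.path not in changed_files:
            deferred.append(f)  # real, but not this change's responsibility
        else:
            blocking.append(f)
    return blocking, deferred, suppressed


# Constructed sample data: the last accepted run ...
PREVIOUS_SCAN = [
    Finding("py/sql-injection", "legacy/report.py", 40, "high",
            'cur.execute("SELECT * FROM t WHERE id=" + uid)'),
    Finding("py/hardcoded-secret", "legacy/config.py", 12, "medium",
            'API_KEY = "abc123"'),
]
# ... and the current run, after a refactor shifted lines in legacy/report.py.
CURRENT_SCAN = [
    Finding("py/sql-injection", "legacy/report.py", 52, "high",
            'cur.execute("SELECT * FROM t WHERE id=" + uid)'),
    Finding("py/hardcoded-secret", "legacy/config.py", 12, "medium",
            'API_KEY = "abc123"'),
    Finding("py/sql-injection", "api/users.py", 18, "high",
            'cur.execute(f"DELETE FROM users WHERE name={name}")'),
    Finding("py/sql-injection", "api/users.py", 18, "high",
            'cur.execute(f"DELETE FROM users WHERE name={name}")'),  # duplicate
    Finding("py/weak-random", "api/users.py", 5, "low",
            "token = random.random()"),
    Finding("py/sql-injection", "tools/fixture.py", 9, "high",
            'cur.execute("INSERT INTO t VALUES (" + row + ")")'),
]
# Constructed: a reviewer accepted the config finding as a false positive.
SUPPRESSIONS = {
    PREVIOUS_SCAN[1].fingerprint(): "placeholder in test config; real key comes from env",
}


def run_example():
    baseline = {f.fingerprint() for f in PREVIOUS_SCAN}
    return triage(CURRENT_SCAN, baseline, SUPPRESSIONS,
                  min_severity="high", changed_files={"api/users.py"})


if __name__ == "__main__":
    blocking, deferred, suppressed = run_example()
    for label, group in (("BLOCK", blocking), ("DEFER", deferred), ("SUPPRESS", suppressed)):
        for f in group:
            print(f"{label:8} {f.severity:8} {f.rule_id:20} {f.path}:{f.line}")
```

Only the new high-severity injection in the file that changed fails the build; the shifted legacy finding is recognised by fingerprint and stays as tracked debt, the duplicate report is collapsed, and the suppressed finding carries its justification so the decision can be audited later.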
Announcements
Don’t let third-party risk ruin your Valentine’s Day! Join Adrian Sanabria and Bill Brenner on an SC Media webcast titled “Understanding third party risk by studying third party breaches.” As listeners will know, Adrian loves exploring risk through our understanding of real breaches and incidents. Together with our partner for this webcast, ProcessUnity, they’ll discuss how to prepare for some of the most concerning third-party risks you should be aware of.
Visit securityweekly.com/ValentineRisk to register!
Guest
Christien Rioux, also known by his handle DilDog, is a Distinguished Engineer at Lacework and the co-founder and former chief scientist of Veracode, the Burlington, Massachusetts-based company for which he is the main patent holder. Educated at MIT, Rioux was a computer security researcher at L0pht Heavy Industries and then at @stake (later bought by Symantec). While at @stake, he looked for security weaknesses in software and led the development of Smart Risk Analyzer (SRA). He co-authored the best-selling Windows password auditing tool @stake LC (L0phtCrack) and the AntiSniff network intrusion detection system. He is also a member of Cult of the Dead Cow and its Ninja Strike Force, and was formerly a member of L0pht. DilDog is best known as the author of the original code for Back Orifice 2000, an open-source remote administration tool, and as the author of “The Tao of Windows Buffer Overflow.”