« Kiva Update | Main | Security Services Deployment in Federated World »


Stephen Craig Evans

Hi Gunnar,

Great interview. And Gary has the rare skill as a podcast interviewer to make it great. I already made my comments on your silverbullet podcast page, but your comments in this blog post takes me back to my comments on Adam Shostack's previous silverbullet podcast:
"I wonder why as a community that we aren’t talking more about application classification. I have seen only this paper:
The Importance of Application Classification in Secure Application Development

I do lifecycle reviews and pentests/audits/assessments for different "verticals" as you call them - financials, government, telecoms, etc - and certainly they are approached differently.

I just wonder why there's not more focus on this. Am I missing something?


The comments to this entry are closed.