As previously mentioned, Scott and I interviewed a couple of Microsoft Security gurus yesterday. As each interview went about 45 minutes, it’s going to take a while to distill down into a couple of posts. I should have something up on that next week. James Whittaker and Michael Howard are the two process/policy owners of Microsoft’s SDL. They were both enthusiastic and informative evangelists, not just on the subject of software security in general, but also on specific methodologies and processes that work to achieve more secure code.
I sent emails out to several project leaders and such on open source projects. I am soliciting interviews from open source movers and gurus. Hopefully, that will yield some interviews to shed light on some open source processes. You know, it’s hard to write good software. It seems that distributing a development team geographically complicates that effort, making it even harder. It also seems that distributed management adds an additional challenge. Yet there are lots of good open source products out there. I’m anxious to talk to those who make them happen, and hear about both the challenges and the processes they use to mitigate those challenges.
If you’re on the inside of something big and open source, I’d love to pick your brain. If you know someone else who is, I’d love to pick their brain too. Drop me an email at firstname.lastname@example.org.