I thoroughly enjoyed Show 002 - An Interview with Dan Geer. This episode of the Silver Bullet Security Podcast was indeed a good listen. During this podcast, Gary McGraw (host) mentioned Geer's foreword in his latest book "Software Security: Building Security In". Here is a link to the foreword.
My favorite part of Geer's foreword is where he quotes Sam Rayburn: "Any jackass can kick down a barn, but it takes a good carpenter to build one." I believe this is an extremely important idea for security professionals and services firms to comprehend. I have been doing attack & penetration reviews for a while now, and I have come across many instances where professionals in the field seldom take the time to stop and look at the big picture: the goal is to help make better software, and that is not an easy task. Repeatedly finding an exhaustive list of security flaws that relate to well-known attack vectors is not the end goal but a symptom of an unsolved root cause within the software development life cycle. Finding security flaws is extremely important for the software community, but I do wish more (technical) security professionals would take a step back and ask: "This is the thousandth SQL Injection finding I have written up since I've been in this field - but how does this correlate to the business unit's or client's risk? Why do these problems recur with the same business unit or client? How can I help them write better and more secure software? How can I help them realize the root cause of this issue so the developers know what to watch for the next time they write another line of code?"
I look forward to reading McGraw's new book. I've only looked at the table of contents so far, but I will try to write a short review if I get around to getting a copy soon.