This year is CERT's 20th anniversary. It's hard to believe but it was started way back in 1988. Thinking back, I was using AT&T DOS at the time and playing the original Leisure Suit Larry in the Land of the Lounge Lizards with a monochrome screen.
Back in June of 2007 I participated in their podcast series with my co-author Bill Crowell (Former NSA Dep. Director), after publishing my second book. I listened to a number of other interviewees, and was instantly hooked on the quality of topics and speakers. CERT continues to have a ton of great information to offer.
Back to the interview, Pethia gives a very interesting chronology of CERT over the years - changes in focus, new threats, predictions, etc. What I found particularly interesting were Pethia's comments on the following question: "Application security is becoming an area of focus now in security. Are we at the tipping point yet?"
Pethia: "I think we are getting close to a tipping point. Organizations are getting better at securing their networks and operating systems. When you think about how difficult it is for a bad guy to accomplish what he wants to accomplish, attacking operating systems is going to continue to get harder. I see the whole field of applications as the next line of attacks because that is where the least attention has been paid so far. So people will be under pressure to understand we need to do a better job there."
I couldn't agree more. When you start working with the people in this industry who seem to be doing the most cutting-edge research on technologies around application and data security like WAF and DAM, as well as individuals who are focused on vulnerability assessments, code review, and the like, you certainly get a sense that the threatscape is far worse than we might even think.