There should be an image here!In this RunAs Radio podcast, Richard and I talk to Dana Epp about finding and fixing a security vulnerability.

Dana tells the story of how a customer found a bug in one of Scorpion Software’s products that surfaced a weakness in a Microsoft security API. Ultimately Dana describes how they altered their application to protect their application from a whole class of exploits.

Dana Epp, Scorpion Software’s founder and CEO, researches software security and sets the corporate vision in the convergence of information security principles and practices with digital information asset protection. As a computer security software architect, Dana has spent the last 15 years focusing on software development with a particular emphasis on security engineering. His latest research has been on risk-based authentication, focusing on strong two-factor authentication for small business.

Dana has been twice awarded the Community Spirit Award for Business in recognition of his ongoing initiatives in promoting high technology industries in his community, and won the 2001 Chamber of Commerce “Young Entrepreneur of the Year” award. In 2006 and 2007 Mr. Epp has been honored with the award and distinction of “Microsoft Windows Security MVP” for his work and expertise in Windows security. Mr. Epp is the author of “Computer Security Concepts: Managing Business Threats in a Wired World”, a book written to explain at an executive level how to handle the threats of online risk as companies move to the new digital economy, and is the author of the popular security blog, Dana Epp’s Rambling at the Sanctuary.

[awsbullet:Inside the Security Mind]