I just finished publishing OWASP Podcast #2 - an interview with Stephen Craig Evans.
We discussed Stephen's OWASP Summer of Code Project, Securing Webgoat with Mod Security.
You can check out the show notes for OWASP Podcast #2, download the mp3 file directly, subscribe to the RSS feed, or subscribe directly to iTunes.
I found Stephen to be very interesting in his analysis of when WAF deployment is prudent. Although WAF deployment is something I personally think of as a last resort, intelligent discussion and arguments like I heard from Stephen make it tougher for me to dismiss WAF technology outright. Great job, Stephen!