Cigital » The Silver Bullet Security Podcast with Gary McGraw


Summary: Building Security In


Podcasts:

 Background Behind a CSO with Mary Ann Davidson | File Type: audio/mpeg | Duration: 0:28:45

Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast. Gary and Mary Ann discuss how an MBA helps in the CSO role, Oracle’s “Unbreakable” campaign, why everyone needs training in secure coding, and how military history informs computer security. They also talk about how a young CSO-to-be got her first library card.

Links: Mary Ann Davidson’s blog | Lone Survivor


 The Growth of Software Security with Chris Wysopal | File Type: audio/mpeg | Duration: 0:24:48

On the 23rd episode of The Silver Bullet Security Podcast, Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing. Chris was one of the seven original members of the L0pht hacker collective (operating under the hacker handle Weld Pond) and later went on to work for @stake. Gary and Chris reminisce about L0pht (and the warehouse full of stuff) and discuss the role of security researchers now versus in the mid-to-late ’90s. They also talk about the current state of the software security market and its continued growth.

Links: Chris’ Wikipedia entry | The Art of Software Security Testing | Veracode | Zero in a bit – Veracode’s blog | L0pht Heavy Industries | SOURCE: Boston 2008


 Software Security Behind AT&T with Ed Amoroso | File Type: audio/mpeg | Duration: 0:32:25

On the 22nd episode of The Silver Bullet Security Podcast, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T. They discuss how Peter Neumann influenced Ed; the difference between bugs and flaws, and whether bugs are getting too much attention; the widespread confusion about how security actually works; the relationship between privacy, security, and monitoring; and software correctness/quality versus software security. They also discuss the Hugh Thompson show now airing on AT&T’s Tech Channel.

Links: Transcript of this episode [PDF] | Cyber Security | Fundamentals of Computer Security Technology | Silver Bullet Interview with Peter Neumann


 Show 021 – A Panel Discussion with Cigital’s Principals | File Type: audio/mpeg | Duration: 0:23:35

For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Cigital’s principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant) and Pravir Chandra (Principal Consultant). The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints. They also ponder how much of the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or in threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent.

Links: Transcript of this episode [PDF] | Justice League blog | Threat Modeling – a blog entry by John Steven | OWASP Top 10 for 2007 | OWASP | The Shmoo Group


 Show 020 – An Interview with Markus Jakobsson | File Type: audio/mpeg | Duration: 0:24:29

For the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, soon to be a researcher at PARC after a stint as an Associate Professor of Informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University. Gary and Markus discuss the difference between academic and corporate research, the idea of “perfect privacy,” moving from hardcore cryptography to sociology, how reality is mimicking phishers, and how cartoons can be used to teach security. In addition, Markus mentions the best place in Southeast Asia to get a haircut.

Links: Markus @ Wikipedia – he’s “orphaned”! | RavenWhite | Crimeware


 The Legitimacy of Mobile Viruses with Mikko Hyppönen | File Type: audio/mpeg | Duration: 0:22:11

For the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure. During this show, Gary and Mikko discuss Helsinki and Finnish pronunciation, whether mobile viruses are all hype or a legitimate threat, whether the iPhone as a closed system is good or bad for security, and Mikko’s prediction for the appearance of the first mobile botnet. They also chat about Finnish hip-hop.

Links: Transcript of this episode [PDF] | Mikko Hyppönen | Mikko Hyppönen – Wikipedia | F-Secure | Mobile Malware – Mikko’s USENIX 2007 talk, both audio and video (scroll down a bit) | Xevious | The FSMCs


 The Importance of Software Testing with Eugene Spafford | File Type: audio/mpeg | Duration: 0:28:08

On the 18th episode of The Silver Bullet Security Podcast, Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of Computer Science and of Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.

Links: Transcript of this episode [PDF] | Dr. Eugene Spafford | Spaf’s blog at CERIAS | Gene Spafford – Wikipedia | CERIAS – Center for Education and Research in Information Assurance and Security | PITAC – President’s Information Technology Advisory Committee | What did you really expect? – Spaf’s post on “reformed hackers” | The Internet Worm Program: An Analysis | Yucks Digest


 The ROI of Computer Security with Eric Cole | File Type: audio/mpeg | Duration: 0:29:23

On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demonstrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training make for good network security practitioners. They also discuss the difficulty of certifying software developers.

Links: Secure Anchor | Security Haven | Stego-marking packets to control information leakage on TCP/IP based networks – Eric’s dissertation
