Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 Physical And Computer Security Compared with Bruce Schneier | File Type: audio/mpeg | Duration: 0:24:50

In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier. Bruce is the founder and CTO of Counterpane and is regarded as the “uber-guru” of computer security. He has written eight bestselling books, most recently Beyond Fear: Thinking Sensibly About Security in an Uncertain World, and is the editor of the massively popular Cryptogram mailing list. In this episode, Gary and Bruce discuss the connection between physical security and its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss patch Tuesday, hack Wednesday, and Microsoft’s approach to software security. Bruce’s Wikipedia entry Bruce’s books Crypto-Gram security podcast Property Rights Management – Ed Felten’s discussion of PRM, mentioned on the show Copyright Mythbusters: Believe It or Not, Fair Use Exists – a look at the “fair use doesn’t exist” argument BBC plans attacked for ‘TV tax’ (March 14, 2006) Bruce’s suggestion for “cheap” wines: Provence Wines, Southern Rhone wines

 Show 008 – An Interview with Brian Chess | File Type: audio/mpeg | Duration: 0:24:33

In the eighth episode of The Silver Bullet Podcast, Gary talks with Brian Chess, co-founder and chief scientist of Fortify Software. Brian completed his computer science Ph.D. at UC Santa Cruz after several years in the commercial sector. Gary and Brian discuss what commercial developers and academics have to learn from each other, what it’s like to work for a Kleiner-Perkins startup (KP is the VC firm behind familiar names like Google, Amazon, and Sun), and how mystifying it is that some developers are OK with XSS vulnerabilities in their web applications. Matt Bishop’s Computer Security: Art and Science (mentioned again!) Kleiner Perkins Caufield & Byers Brian as a wee lad

 Show 007 – An Interview with John Stewart | File Type: audio/mpeg | Duration: 0:27:04

In the seventh episode of The Silver Bullet Podcast, Gary interviews Cisco Chief Security Officer John Stewart. Gary and John discuss what CSOs do all day, how John got started in computer security, and the infamous Morris Worm from 1988 (which John was deeply involved in while a student at Syracuse). John and Gary also revisit Cisco-gate, talk about how John’s identity was stolen, and determine why John’s kids don’t have e-mail addresses. Transcript of this episode [PDF] Wikipedia: CSO Digital Island The What, Why, and How of the 1988 Internet Worm – a look at the history of the Morris Worm Cisco-gate Five Ways to Fight ID Theft – John talks about finding himself a victim of identity theft; see also: the motorcycle he was trying to buy when he found out

 Day in The Life of a CSO with John Stewart | File Type: audio/mpeg | Duration: 0:27:04

In the seventh episode of The Silver Bullet Podcast, Gary interviews Cisco Chief Security Officer John Stewart. Gary and John discuss what CSOs do all day, how John got started in computer security, and the infamous Morris Worm from 1988 (which John was deeply involved in while a student at Syracuse). John and Gary also revisit Cisco-gate, talk about how John’s identity was stolen, and determine why John’s kids don’t have e-mail addresses. Wikipedia: CSO Digital Island The What, Why, and How of the 1988 Internet Worm – a look at the history of the Morris Worm

 Show 006 – An Interview with Michael Howard | File Type: audio/mpeg | Duration: 0:25:46

The sixth episode of the show features an interview with Michael Howard, the Senior Security Program Manager of Microsoft’s Security Technology Unit. Michael has been at Microsoft since 1992 and discusses what it has been like watching the company come to grips with software security. Michael continues to play a key role in implementing the Trustworthy Computing Initiative at Microsoft. Gary and Michael also discuss the security features of Windows Vista and Michael’s recommendations for the two most important best practices when developing secure software. Listen for a startling revelation about Michael’s choice of a “desert island book.” Michael Howard’s blog Writing Secure Code by Michael Howard Wikipedia: Defense in Depth Microsoft’s Trustworthy Computing Security Development Lifecycle Matt Bishop’s computer security books – These would go with Michael to a desert island. Michael Howard – but not the one Gary interviewed.

 Security’s impact on Microsoft with Michael Howard | File Type: audio/mpeg | Duration: 0:25:46

The sixth episode of the show features an interview with Michael Howard, the Senior Security Program Manager of Microsoft’s Security Technology Unit. Michael has been at Microsoft since 1992 and discusses what it has been like watching the company come to grips with software security. Michael continues to play a key role in implementing the Trustworthy Computing Initiative at Microsoft. Gary and Michael also discuss the security features of Windows Vista and Michael’s recommendations for the two most important best practices when developing secure software. Listen for a startling revelation about Michael’s choice of a “desert island book.” Michael Howard’s blog Writing Secure Code by Michael Howard Wikipedia: Defense in Depth Microsoft’s Trustworthy Computing Security Development Lifecycle Matt Bishop’s computer security books – These would go with Michael to a desert island. Michael Howard – but not the one Gary interviewed.

 Show 005 – An Interview with Ed Felten | File Type: audio/mpeg | Duration: 0:22:55

The fifth edition of the Silver Bullet Security Podcast features Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and the Director of the Center for Information Technology Policy. Gary and Ed take a look at Ed’s predictions for 2006 and how he’s faring so far and then discuss Ed’s relationship with his former adversaries. They also talk about how to discuss difficult technology issues with lawmakers and the importance of public policy and the law to computer scientists. Ed also outlines the challenges of raising a bright 11-year-old. A partial transcript of the interview in IEEE Security & Privacy Freedom to Tinker – Ed Felten’s blog Ed’s Predictions for 2006 Wikipedia: Series of Tubes Subscribe to IEEE Security & Privacy

 2006 Technology Predictions with Ed Felten | File Type: audio/mpeg | Duration: 0:22:55

The fifth edition of the Silver Bullet Security Podcast features Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and the Director of the Center for Information Technology Policy. Gary and Ed take a look at Ed’s predictions for 2006 and how he’s faring so far and then discuss Ed’s relationship with his former adversaries. They also talk about how to discuss difficult technology issues with lawmakers and the importance of public policy and the law to computer scientists. Ed also outlines the challenges of raising a bright 11-year-old. Freedom to Tinker – Ed Felten’s blog Ed’s Predictions for 2006 Wikipedia: Series of Tubes

 Show 004 – An Interview with Dana Epp | File Type: audio/mpeg | Duration: 0:24:28

In the fourth episode of the Silver Bullet Security Podcast, Gary’s guest is Dana Epp, CEO and founder of Scorpion Software. Dana also runs a popular software security blog and is a jazz trumpeter. On this show, Dana and Gary talk about past programming disasters (“code lives forever”), the security implications of systems with ever-increasing complexity, suggestions for new developers interested in learning about software security, regulation’s role in information security, and Miles Davis. SilverStr’s blog – Dana’s blog It’s Pat! RemoteAccess BBS The 5 Rules of the Regulatory Process Chris Botti SC-L List Bitches Brew Subscribe to IEEE Security & Privacy

 A Software Security Industry 360 with Dana Epp | File Type: audio/mpeg | Duration: 0:24:28

In the fourth episode of the Silver Bullet Security Podcast, Gary’s guest is Dana Epp, CEO and founder of Scorpion Software. Dana also runs a popular software security blog and is a jazz trumpeter. On this show, Dana and Gary talk about past programming disasters (“code lives forever”), the security implications of systems with ever-increasing complexity, suggestions for new developers interested in learning about software security, regulation’s role in information security, and Miles Davis. SilverStr’s blog – Dana’s blog It’s Pat! RemoteAccess BBS The 5 Rules of the Regulatory Process SC-L List Bitches Brew

 Show 003 – An Interview with Marcus Ranum | File Type: application/pdf | Duration: Unknown

Industry Leaders In Application Security & Research

 The Computer Security Plateau with Marcus Ranum | File Type: audio/mpeg | Duration: 0:22:56

In the third episode of the Silver Bullet Security Podcast, Gary talks with Marcus Ranum, who is an acclaimed security guru widely credited with inventing the proxy firewall. Marcus and Gary discuss why Marcus thinks we’re not making progress in the computer security field, how common sense would help computer security, Richard Feynman, and power tools for home repair and improvement. Ranum.com The Six Dumbest Ideas in Computer Security Old West Snake Oil Patch Tuesday Richard Feynman

 Show 002 – An Interview with Dan Geer | File Type: audio/mpeg | Duration: 0:22:24

In this episode of the Silver Bullet Security Podcast, Gary chats with Dan Geer, Chief Scientist at Verdasys. Dan has a Ph.D. in biostatistics from Harvard. He and Gary discuss the need to understand both technology and business in order to be a good security practitioner, Dan’s paper Cyber Insecurity, his work on Project Athena, and livestock. A partial transcript of the interview in IEEE Security & Privacy Dan Geer on Wikipedia Project Athena on Wikipedia How Much Information 2003 Subscribe to IEEE Security & Privacy
