Cigital » The Silver Bullet Security Podcast with Gary McGraw show


Summary: Building Security In


Podcasts:

 Show 107 – An Interview with Jean Camp | File Type: audio/mpeg | Duration: 0:33:39

L. Jean Camp is a Professor at the Indiana University School of Informatics and Computing. Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security. They close out their discussion with the most surprising hangover cure and Jean’s favorite album of 2014.
Links: L. Jean Camp; L. Jean Camp (Wikipedia); L. Jean Camp Google Scholar Citations; The End of Privacy, Science Magazine; Bastille: “Pompeii”

 Show 106 – An Interview with Steve Katz | File Type: audio/mpeg | Duration: 0:35:19

Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.” Gary and Steve discuss the history and evolution of the CISO position, the difficulty of measuring risk in a realistic fashion, how to allocate resources between proactive security engineering and standard network security, triage, and incident response, what it means to be an executive, and the FS-ISAC.
Links: Security Risk Solutions; Steve Katz as banking executive; FS-ISAC; The Patient will see you

 The History of Public Key Cryptography with Whitfield Diffie | File Type: audio/mpeg | Duration: 0:43:41

On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography. Gary and Whitfield discuss the history of public key cryptography, Diffie’s work on the “proof of correctness of programs,” and if backdoors into crypto systems are a bad idea. They close out by discussing art.
Links: Whitfield Diffie; Whitfield Diffie (Wikipedia); New Directions in Cryptography (1976) [PDF]

 Show 104 – An Interview with Rick Gordon | File Type: audio/mpeg | Duration: 0:34:22

On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37. Gary and Rick discuss Rick’s time in the Navy and what it taught him about security, Rick’s lessons learned from his time as CEO of Tovaris, whether the government outside of DARPA understands security engineering, and the drive behind MACH37 the company… and the name. They close out by discussing if Rick is teaching his children to wrestle.
Links: Rick on Twitter; MACH37

 Show 103 – An Interview with Brian Krebs | File Type: audio/mpeg | Duration: 0:38:52

On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security. Gary and Brian discuss how growing up with a computer affected their future careers in security, MUD vs MAD, why “old media” can’t support in-depth security reporting, and why the government continues to be five years behind the security curve. They close out talking about Brian’s experience of writing Spam Nation.
Links: Krebs on Security; Brian on Twitter; Reporting From the Web’s Underbelly, The New York Times; Silver Bullet Security Podcast 102: Richard Danzig; Spam Nation

 Show 102 – An Interview with Richard Danzig | File Type: audio/mpeg | Duration: 0:38:09

On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for a New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what he learned when running the US Navy that can be applied to computer security, Richard’s recommendations from his important new CNAS report, and how the report is designed to have an impact on policy. They close out their chat with a high-brow art discussion.
Links: Richard on Wikipedia; Richard @ navy.mil; Richard @ CNAS; National Service: What Would It Mean? by Richard Danzig; Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies by Richard Danzig; Silver Bullet Security Podcast Show 002: Dan Geer; Silver Bullet Security Podcast Show 007: John Stewart; Jacopo Robusti, called Tintoretto. Crucifixion. 1565.

 Software Security with the Founders of the Center for Secure Design | File Type: audio/mpeg | Duration: 0:37:20

On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim DelGrosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design. The participants discuss the origin of the Center, why design flaws are more difficult to fix than implementation bugs, design flaws in automobile design, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.
Links: Center for Secure Design; Silver Bullet 93 – An Interview with Yoshi Kohno; Silver Bullet 99 – An Interview with Michael Hicks; Silver Bullet 100 – A Roundtable with Cigital’s Principals; Software [in]security — software flaws in application architecture; Software [in]security and scaling architecture risk analysis; Software Security

 The State of Software Security with Cigital’s Principals | File Type: audio/mpeg | Duration: 0:29:05

After 100 months in a row (over 8 years), the Silver Bullet Security Podcast with Gary McGraw hits its landmark 100th episode. In this episode Gary talks live on video with Cigital’s Principals: John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how it’s evolved (or has it?) over the last decade. They talk frameworks and code analysis, mobile security, software security in Europe, the forthcoming IEEE Center for Secure Design, and BSIMM. Finally we get to find out who thinks we’re making progress and who doesn’t.
Links: Cigital; BSIMM; Cigital on YouTube; Gary McGraw; Paco Hope; Show 056 – An Interview with Sammy Migues; Show 068 – An Interview with John Steven; Show 085 – A Discussion with Jim Routh and Scott Matsumoto

 The PLDI and Software Security with Michael Hicks | File Type: audio/mpeg | Duration: 0:34:50

On the 99th episode of the Silver Bullet Security Podcast, Gary talks with Michael Hicks, Professor of Computer Science at the University of Maryland. In this episode, they discuss the Programming Language Design and Implementation (PLDI) conference, type safety, closures, dynamic languages, why C is problematic, and how JavaScript is dangerous. They go on to discuss the role that cryptography plays in security, how ideas from Scrum influence the way Michael runs his research group, CMSC 838G (that is, “Software Security”), and the Build-it, Break-it, Fix-it Programming Contest. They close out their discussion with talk about drums and drumming.
Links: Michael Hicks; PLDI 2014; On-line patching & security; CMSC 838G; Build-it, Break-it, Fix-it Programming Contest; Michael @ Programming Languages Enthusiast; Ludwig Drums; Silver Bullet Security Podcast: Greg Morrisett

 The Hype behind Heartbleed with Bart Miller | File Type: audio/mpeg | Duration: 0:37:55

On the 98th episode of the Silver Bullet Security Podcast, Gary chats with Bart Miller, Professor of Computer Science at the University of Wisconsin-Madison and Chief Scientist of the DHS Software Assurance Marketplace Research Facility. Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of binaries, and the SWAMP project. They close out their talk by deciding: SCUBA or skiing?
Links: Professor Barton P. Miller; Why Do Software Assurance Tools Have Problems Finding Bugs Like Heartbleed? (James A. Kupsch and Barton P. Miller); On Detecting Heartbleed with Static Analysis; McGraw on Heartbleed shock and awe: What are the real lessons?; Fuzz Testing; Paradyn/Dyninst papers; Dyninst; Software Fault Injection; Charlie Miller on Silver Bullet; BSIMM; Software Assurance Marketplace (SWAMP); Zuse

 The Development Side of Software Security with Aaron Bedra | File Type: audio/mpeg | Duration: 0:35:16

On the 97th episode of the Silver Bullet Security Podcast, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type safety and closures in programming, and the most recent non-fiction book that Aaron has read.
Links: AaronBedra.com; Aaron at LinkedIn; Aaron at GitHub; @abedra at Twitter; Aaron at Google+; Aaron Bedra – clojure.web/with-security; Closures in programming languages; Dynamic languages