Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 The Development Side of Software Security with Aaron Bedra | File Type: audio/mpeg | Duration: 0:35:16

On the 97th episode of the Silver Bullet Security Podcast, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type safety and closure in programming, and the most recent non-fiction book that Aaron’s read. AaronBedra.com Aaron at LinkedIn Aaron at Github @abedra at Twitter Aaron at Google+ Aaron Bedra – clojure.web/with-security Closure in programming languages Dynamic languages

 Show 096 – An Interview with Nate Fick | File Type: audio/mpeg | Duration: 0:34:37

On the 96th episode of the Silver Bullet Security Podcast, Gary talks with Nate Fick, CEO of Endgame. Gary and Nate discuss the use of the term “cyber war” from the perspective of an ex-Marine, Nate’s time at the Center for a New American Security, the Estonia DDoS attack, and how Nate has turned around the perception of Endgame. They close out their chat with some Leukemia Cup smack talking. Nathaniel Fick @ Endgame Nathaniel Fick @ CNAS One Bullet Away Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011, PDF). Nathaniel Fick @ Poetry Foundation

 Show 095 – An Interview with Charlie Miller | File Type: audio/mpeg | Duration: 0:31:40

On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days. They close out their chat with Charlie’s official car hacking soundtrack. @0xcharlie Charlie Miller (Wikipedia) Adventures in Automotive Networks and Control Units [PDF] U.S. Gives Cybersecurity Advice to Critical Infrastructure Operators—But No Rules Detecting Car Hacks DEF CON 21 – Charlie Miller and Chris Valasek – Adventures in Automotive Networks and Control Units

 Show 094 – An Interview with Ming Chow | File Type: audio/mpeg | Duration: 0:33:16

On the 94th episode of the Silver Bullet Security Podcast, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals. They also talk about what developers currently think of software security, what would make developers more likely to take security seriously, and how Ming uses games to teach security to his students. They close out their chat with talk of obscure and not-so-obscure music. Ming Chow Falling Into You Ming on Github Ming on Twitter Exploiting Online Games Securing Online Games (jointly authored) [PDF]

 Show 093 – An Interview with Yoshi Kohno | File Type: audio/mpeg | Duration: 0:35:31

On the 93rd episode of the Silver Bullet Security Podcast, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington. Gary and Yoshi discuss how much academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand privacy implications of popular products’ security designs. They close out their discussion with a McGraw family secret about The Night Before Christmas. Tadayoshi Kohno (Yoshi Kohno) at the University of Washington @yoshi_kohno Profile: Tadayoshi Kohno, NOVA scienceNOW Here’s the scariest part about the Internet of Things, Washington Post DeadDrop/Strongbox Security Assessment [pdf] Java Card Security: How Smart Cards and Java Mix, from Securing Java

 The Early Days of Computing with Jon Callas | File Type: audio/mpeg | Duration: 0:37:57

On the 92nd episode of the Silver Bullet Security Podcast, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work (rock on). Is that YOUR computer? They also chat briefly about software security and reality. Jon and Gary close out their discussion with some book talk. ARPANET Applied Cryptography by Bruce Schneier Lavabit Silent Circle BSIMM-V Dandelion Wine

 Show 092 – An Interview with Jon Callas | File Type: audio/mpeg | Duration: 0:37:56

On the 92nd episode of the Silver Bullet Security Podcast, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work (rock on). Is that YOUR computer? They also chat briefly about software security and reality. Jon and Gary close out their discussion with some book talk. ARPANET Applied Cryptography by Bruce Schneier Lavabit Silent Circle BSIMM-V Dandelion Wine

 A Breakdown of the BSIMM-V with Caroline Wong | File Type: audio/mpeg | Duration: 0:33:16

On the 91st episode of the Silver Bullet Security Podcast, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science. They close out their discussion with talk of adult libations. Security Metrics: A Beginner’s Guide Executive Women’s Forum Cyber Security School Challenge BSIMM-V

 Cryptography compared with Matthew Green | File Type: audio/mpeg | Duration: 0:26:21

On the 90th episode of the Silver Bullet Security Podcast, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator. Gary ends by asking Matthew the same question he asked Avi Rubin back on the first episode. Matthew D. Green A Few Thoughts on Cryptographic Engineering (Matthew’s blog) On the NSA RSA warns developers not to use RSA products Software [in]security — software flaws in application architecture (September 10, 2013) Silver Bullet 001: Avi Rubin Read a transcript of this episode of the Silver Bullet Security Podcast
