The Silver Bullet Security Podcast with Gary McGraw
By Gary McGraw
Podcast Description
Co-sponsored by Cigital and IEEE Security & Privacy.
| Name | Description | Released | Price | ||
|---|---|---|---|---|---|
|
1 |
Show 070 – An Interview with Ross Anderson | The 70th episode of The Silver Bullet Security Podcast is our first repeat performance. Gary chats a second time with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Ross was a guest on episode 13 of The Silver Bullet Security Podcast and is our first return guest. Gary and Ross discuss the latest developments in Trusted Computing, the iterated “Prisoner’s Dilemma” as an economic model and its relevance to computer security, information compartmentalization and Wikileaks, time and security, cyberwar versus cybercrime, and Stuxnet. Silver Bullet Show 013: Ross Anderson Transcript of episode 13 [PDF] Ross Anderson Trusted Computing FAQ Security Engineering – Ross’ groundbreaking book in print and online Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security in AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New Amercian Security (June 2011). | 1/31/12 | Free | View In iTunes |
|
2 |
Show 069 – An Interview with Steve Myers | On the 69th episode of The Silver Bullet Security Podcast, Gary talks with Steve Myers, Assistant Professor of Informatics and Computing in the School of Informatics at Indiana University and a member of the Center for Applied Cybersecurity. During this show, Gary and Steve discuss the gap between “real world” computer security and “academic” computer security, the problem of cryptography, whether it’s OK to use “the NASCAR effect” to draw students into security, and spear phishing. Steve Myers Center for Applied Cybersecurity The SEED Project (Developing Instructional Laboratories for Computer SEcurity EDucation) Why Mobile to Mobile Malware Won’t Cause a Storm [PDF], paper for USENIX ’11, with Nathaniel Husted Patrick Traynor Silver Bullet Show 020: An Interview with Markus Jakobsson Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, edited by Steve Myers and Markus Jakobsson “Spear phishing” Spirit of the West | 12/29/11 | Free | View In iTunes |
|
3 |
Show 068 – An Interview with John Steven | On the 68th episode of The Silver Bullet Security Podcast, Gary is joined in the studio by John Steven, internal CTO at Cigital. Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools. They close out the show discussing mixology. John Steven @ Justice League blog OWASP NoVA Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal), InformIT. Moving to Mobile – New Threats, Justice League blog. Threat Modeling – Vocabulary, Justice League blog. BSIMM “The Liberal” “The Old Fashioned” Silver Bullet: Elinor Mills | 11/30/11 | Free | View In iTunes |
|
4 |
Show 067 – An Interview with Bill Pugh | On the 67th episode of The Silver Bullet Security Podcast, Gary talks with Bill Pugh, professor at the University of Maryland College Park. Gary and Bill discuss the Marmoset and FindBugs projects, how to teach kids to code and whether coding is an innate ability or is something that can be taught. They also geek out regarding Bill’s favorite programming languages for coding and teaching about coding. They also discuss the relationship between coding and fire eating. Bill Pugh Marmoset Dilbert minivan strip Find Bugs David Hovemeyer Find Bugs t-shirt Cliff Click UMD: Fall 2011 CMSC 433 – Programming Language Technologies and Paradigms | 10/28/11 | Free | View In iTunes |
|
5 |
Show 066 – An Interview with Shari Lawrence Pfleeger | On the 66th episode of The Silver Bullet Security Podcast, Gary chats with Shari Lawrence Pfleeger, Director of Research for the Institute for Information Infrastructure Protection at Dartmouth College. Gary and Shari discuss the difference between safety-critical software and security-critical software, why measuring software is hard (security notwithstanding), how to speed up tech transfer, and why there are so few women in computer science. Shari Lawrence Pfleeger Software Engineering: Theory and Practice, 4th edition Many media types live in the land of Twitter, but most regular people don’t by Monica Hesse in the Washington Post My Blackberry’s Not Working!, The One Ronnie The Hours by Michael Cunningham | 9/29/11 | Free | View In iTunes |
|
6 |
Show 065 – An Interview with Giovanni Vigna | On the 65th episode of The Silver Bullet Security Podcast, Gary is joined by Giovanni Vigna, professor of Computer Science at UC Santa Barbara. They discuss DEFCON’s classic Capture the Flag contest as well as UCSB’s international version. They ponder how the notion of “build security in” might be integrated into a CTF-type contest. Gary and Giovanni also talk about Giovanni’s favorite course to teach, the challenge of communicating security issues with non-technical people, and the role of blackbox testing in security. They close out the show discussing how to teach a toddler to pick locks. Giovanni at UCSB DEFCON Capture the Flag Internatonal Capture the Flag Building Versus Breaking: A White Hat goes to Blackhat | 8/29/11 | Free | View In iTunes |
|
7 |
Show 064 – An Interview with Markus Schumacher | On the 64th episode of The Silver Bullet Security Podcast, Gary chats with Markus Schumacher, co-founder and CEO of Virtual Forge. Gary and Markus discuss the difference between working for a large corporate and a startup, why Virtual Forge built a code scanning tool for SAP’s ABAP code, whether security people understand the notion of security patterns, and Markus’ favorite beverage in Heidelberg. Virtual Forge Security Patterns, the site Security Patterns, the book Technology Transfer: A Software Security Marketplace Case Study, (IEEE Software, September/October 2011) Print Media Lounge Recipe for a Liberal (the drink) Out of Damage, Markus’ band | 7/29/11 | Free | View In iTunes |
|
8 |
Show 063 – An Interview with Craig Miller | On the 63rd episode of The Silver Bullet Security Podcast, Gary talks with Craig Miller, principal at the MAPA Group. Gary and Craig discuss entrepreneurship, the pluses and minuses of working for start-ups and very large corporations, smart grid security, and working with NRECA. They close out the show discussing movies and books. Dr. Craig Miller MAPA Group SAIC Smart grid NRECA NERC Continuous improvement On the Waterfront Moby Dick | 6/28/11 | Free | View In iTunes |
|
9 |
Show 062 – An Interview with Halvar Flake | On the 62nd episode of The Silver Bullet Security Podcast, Gary chats with Halvar Flake (a.k.a. Thomas Dullien), founder of reverse engineering consultancy, Zynamics, which was recently purchased by Google. Gary and Halvar discuss the acquisition, Zynamics’ product BinDiff, whether the “bad guys” are using code understanding tools (including decompilers) better than developers, static versus dynamic analysis, international politics meets computer security, and the growing complexity of malware. They close out with a discussion of music. ADD / XOR / ROL – Halvar’s blog @halvarflake US Denies Entry (2007) Cyber Warmongering and Influence Peddling (November 24, 2010) Google’s purchase of Zynamics BinDiff Silver Bullet #41: Fred Schneider Silver Bullet #46: David Rice | 5/31/11 | Free | View In iTunes |
|
10 |
Show 061 – An Interview with Carl Landwehr | On the 61st episode of The Silver Bullet Security Podcast, Gary talks with Carl Landwehr, Director of Trustworthy Computing at the National Science Foundation and a Senior Research Scientist at the Institute for Systems Research within the University of Maryland. Gary and Carl discuss the most important changes in information security that have developed over the course of Carl’s career, the academic perspective of the state of commercial computer security, how to balance security and privacy, and the reason behind the leaking of government documents to Wikileaks. They close out the episode discussing books. Carl Landwehr National Science Foundation IEEE Security & Privacy Magazine Silver Bullet #46: David Rice | 4/28/11 | Free | View In iTunes |
|
11 |
Show 060 – An Interview with Neil Daswani | On the 5th anniversary, 60th episode of The Silver Bullet Security Podcast, Gary talks with Neil Daswani, CTO and co-founder of Dasient. Gary and Neil discuss Neil’s previous work at Google and how the “start-up like” atmosphere at Google compares with an actual start-up. They also discuss bad ads (aka malvertising), Clickbot.A, the software security related emphasis on testing at Google, and sushi in San Jose. Dasient Neil Daswani Dasient Q4 2010 Malware Update Certifiable, McGraw on Software Security Certification for darkreading (May 9, 2007) Dasient Resource Center The Anatomy of Clickbot.A [PDF] Stanford Advanced Security Certification Program Tomo Sushi | 3/30/11 | Free | View In iTunes |
|
12 |
Show 059 – An Interview with Ralph Langner | On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications. Langer Communications is a German company specializing in control systems security. Ralph was the first to determine that Stuxnet is a directed cybersecurity attack against the kinds of Siemens control systems used to control nuclear centrifuges in Iran. Gary and Ralph discuss what’s involved in introducing the concept of cybersecurity to control systems engineers, how anti-virus vendors originally responded to the Stuxnet, as well as plenty of detailed technical info about the worm with an emphasis on its payload. Langner Communications Stuxnet Software [In]security: How to p0wn a Control System with Stuxnet Software [In]security: Cyber Warmongering and Influence Peddling Israeli Test on Worm Called Crucial in Iran Nuclear Delay (New York Times) | 2/25/11 | Free | View In iTunes |
|
13 |
Show 058 – An Interview with John Savage | On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department. Gary and John discuss whether Wikileaks is a terrorist organization, if the use of a cyber-weapon like Stuxnet can be a morally justified act, and the implications of computational nanotechnology on cybersecurity. Transcript of this episode [PDF] John Savage at Brown University Jefferson Science Fellow: Dr. John Savage International Telecommunication Union Silver Bullet #49: Ivan Arce The Girl with the Dragon Tattoo Homomorphic Encryption | 1/24/11 | Free | View In iTunes |
|
14 |
Show 057 – An Interview with Elinor Mills | On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com. At CNET, Elinor covers Internet technology and security. Gary and Elinor discuss how writing about technology for news organizations has changed over the last 20 years, how technology adoption in Portugal differs from the States, WikiLeaks and the First Amendment, avoiding FUD when covering a breaking news story about security, and Burning Man. They close the episode with a brief discussion of Elinor’s favorite books. Transcript of this episode [pdf] Elinor at CNET Insecurity Complex – Elinor’s blog Elinor on Twitter Drama in the Desert: Sights and Sounds of Burning Man / Raised Barn Press Demilitarizing cybersecurity (Q&A) How to p0wn a Control System with Stuxnet Intellus Reputation Defender Eating Animals The Corrections | 12/23/10 | Free | View In iTunes |
|
15 |
Show 056 – An Interview with Sammy Migues | On the 56th Silver Bullet Security Podcast, Gary sits down with Sammy Migues, Principal and Director of Knowledge Management at Cigital. Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade” and the BSIMM. They close the show out discussing bourbon. As a bonus, Sammy may be the first person to ever use the phrase “flips my bogometer” on a podcast. Sammy at Cigital Sammy on Justice League At the NRECA conference – Sammy’s blog post (with video) about his NRECA talk. BSIMM Community Conference BSIMM Trusted Computer System Evaluation Criteria – aka “The Orange Book” “The Antique Collection” bourbon | 11/30/10 | Free | View In iTunes |
|
16 |
Show 055 – An Interview with Deborah Frincke | On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory. Gary and Deb discuss the differences between being a professor and a researcher, whether a professional certification is better than an academic degree, and how a woman’s reasons for getting into the computer security field may differ from a man’s. They close out the episode by talking flowers. Deborah Frincke on Twitter Software [In]security: Technology Transfer, informIT Pacific Northwest National Labs University of Idaho Computer Science University of Idaho Center for Secure & Dependable Systems NSA National Centers of Academic Excellence Orchidaceae | 10/29/10 | Free | View In iTunes |
|
17 |
Show 054 – An Interview with Marc Donner | On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance. Gary and Marc discuss science-fiction books from the last decade, why Americans like to talk about cyberwarfare, and security issues and privacy concerns as related to Google Health initiatives. They finish up their discussion by talking about the Syrup Wars. Marc Donner hacks from the bleeding edge (Marc’s blog) AI Bites Man? (and the rest of the Biblio Tech archives) Iron Sunrise, Singularity Sky | 9/27/10 | Free | View In iTunes |
|
18 |
Show 053 – An Interview with Richard Bejtlich | On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division. They discuss whether it’s better to look for known problems or anomalies when performing network security monitoring, how to explain security incidents to “business guys,” the notion of “building visibility in,” and the difference between working as an independent consultant in a very small shop and working in a large corporation. TaoSecurity blog Silver Bullet #19: Mikko Hyppönen Silver Bullet #41: Fred Schneider VizSec 2010 keynote | 8/23/10 | Free | View In iTunes |
|
19 |
Show 052 – An Interview with Paul Kocher | On the 52nd episode of The Silver Bullet Security Podcast, Gary chats with Paul Kocher, President and Chief Scientist of Cryptography Research. Gary and Paul discuss the first system that Paul ever broke, whether engineers and architects need to think like the “bad guys” or not, the decision to put content protection on Blu-Ray discs rather than the player, and whether P=NP. Transcript of this episode [PDF] Cryptography Research (Paul @ Cryptography Research) How Crypto Won the DVD War Macrovision to Acquire Blu-ray Disc Security Technology from Cryptography Research, Inc. (press release) P versus NP problem | 7/21/10 | Free | View In iTunes |
|
20 |
Show 051 – An Interview with Anup Ghosh | On the 51st episode of The Silver Bullet Security Podcast, Gary talks with former co-worker Dr. Anup Ghosh. Anup has authored three books on e-commerce security and over 40 peer-reviewed articles and is founder and chief scientist of Invincea. Gary and Anup discuss the difference between working in a startup and in goverment research, why antivirus doesn’t work against the ZeuS botnet and what businesses should do to protect themselves, and the relevance of the desktop in the future of computing. They close out with a discussion about Anup’s favorite newspapers and recent books. Invincea Anup’s books on Amazon Advanced Technology Program ZeuS botnet summary Why Patching Isn’t Enough | 6/25/10 | Free | View In iTunes |
|
21 |
Show 050 – An Interview with Richard Clarke | On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. Gary and Dick discuss what needs to change in order for the United States to focus more attention on defense against cyber war (as opposed to offense). They also discuss the importance of software security in preventing cyber crime and cyber war, network scanning as a part of Dick’s “Defensive Triad,” and balancing cybersecurity against individual liberty. We also uncover whether being a guest on Silver Bullet is more stressful than being on The Colbert Report. This special edition of Silver Bullet was also captured on video. View the video below (for those on feed readers, go to this episode’s page for the video): Transcript of this episode [PDF] Richard A. Clarke Cyber War 9/11 Commission Report What if the smart grid has stupid security? Select TV appearances: Real Time with Bill Maher (2010) / The Daily Show (2008) / The Colbert Report (2007) / The Colbert Report (2005) / 60 Minutes (2004) | 6/1/10 | Free | View In iTunes |
|
22 |
Show 049 – An Interview with Ivan Arce | On the 49th episode of The Silver Bullet Security Podcast, Gary talks with Ivan Arce, co-founder and CTO of Core Security Technologies. Gary and Ivan discuss whether teaching builders to think like attackers is worthwhile, how living in Argentina both helps and hinders a career in computer security, the current state of embedded systems attacks, and Ivan’s ongoing disagreement with Microsoft about Virtual PC vulnerabilities. They close things out with a discussion of science fiction books and whether scotch trumps bourbon. Core Security Technologies Ivan @ Core Security Technologies Attack Points blog (CSO Online) Ivan on the Core Security Technologies’ blog Security vulnerability in Microsoft’s Virtual PC Assume Nothing: Is Microsoft Forgetting a Crucial Security Lesson? SiSU manifest of document filetypes and metadata | 4/30/10 | Free | View In iTunes |
|
23 |
Show 048 – An Interview with Andrew Jaquith | On the 48th episode of The Silver Bullet Security Podcast, Gary interviews Andrew Jaquith, senior analyst at Forrester. Gary and Andy discuss how security has become overrun by compliance in the biggest change to corporate security in 15 years, the battle between social networking technology use in the workplace (think Twitter, Facebook, AIM…) and security, security metrics (or lack of such), and Andy’s latest musical find. Andrew Jaquith Andy on Twitter Data Security Predictions For 2010 (December 02, 2009) Know Your Code: How Static Analysis Tools Make Applications More Secure (November 20, 2009) BSIMM @stake Securitymetrics.org Security Metrics: Replacing Fear, Uncertainty, and Doubt S/MIME Silver Bullet #26: Adam Shostack Moby: “Southside (feat. Gwen Stefani)” | 3/25/10 | Free | View In iTunes |
|
24 |
Show 047 – An Interview with Greg Morrisett | On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett. Greg is the Allen B. Cutting Professor of Computer Science and Associate Dean for Computer Science and Engineering in the School of Engineering and Applied Sciences at Harvard University. Gary and Greg discuss the relationship between security and programming languages, why the choice of a good programming language (and/or VM) is more important than code review, sensor networks and security, information control, and Gary and Greg’s most embarrassing moment from adolescence. Transcript of this episode [PDF] Greg Morrisett The Center for Research on Computation and Society Ynot RoboBees NoBot GoNative | 2/28/10 | Free | View In iTunes |
|
25 |
Show 046 – An Interview with David Rice | On the bonus-length 46th episode of The Silver Bullet Security Podcast, Gary talks with David Rice, Executive Director of the Monterey Group and author of Geekonomics: The Real Cost of Insecure Software. Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit. They close out by discussing unusual yoga positions. Monterey Group Geekonomics: The Real Cost of Insecure Software (also: Geekonomics Blog) Silver Bullet #41 – Fred Schneider Silver Bullet #11 – Dorothy Denning Software Security Comes of Age (InformIT) – on the growth of the software security space Google Defends Against Large Scale Chinese Cyber Attack SANS WhatWorks in Application Security Summit 2010 BSIMM Beached Whale yoga position | 1/27/10 | Free | View In iTunes |
|
26 |
Show 045 – An Interview with Lorrie Cranor | On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Melon University. Gary and Lorrie discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues. They close out the discussion by talking about women in computing. Lorrie Cranor Security and Usability: Designing Secure Systems That People Can Use Web Privacy with P3P CyLab Usable Privacy and Security Laboratory (CUPS) A “Nutrition Label” for Privacy BSIMM Europe Google search privacy video | 12/18/09 | Free | View In iTunes |
|
27 |
Show 044 – An Interview with Steve Kent | On the 44th episode of The Silver Bullet Security Podcast, Gary talks with Steve Kent, Chief Scientist – Information Security, for BBN Technologies, a division of Raytheon. Gary and Steve discuss the history of network security, secure transport and base Internet protocols, the role of politics in the adoption of security on the Internet, applied cryptography, and whether security and individual liberty co-exist. They finish by discussing extremely high end wine. Internet’s Biggest Security Hole Securing the Border Gateway Protocol (PPT) 2006: Statement before Congress regarding a nationwide ID system BSIMM Europe | 11/25/09 | Free | View In iTunes |
|
28 |
Show 043 – An Interview with Christofer Hoff | On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco. Hoff is well known for his colorful blog posts and presentations on cloud security and other complex security issues. Suffice it to say, the cloud was a big topic for this issue. And rum. Transcript of this episode [PDF] Christofer Hoff Rational Survivability The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable Cloudifornication: Indiscriminate Information I*********e Involving Internet Infrastructure Mount Gay Extra Old Rum (Gary’s favorite) Ron Zacapa Centenario Rum (Hoff’s favorite) | 10/21/09 | Free | View In iTunes |
|
29 |
Show 042 – An Interview with Gillian Hayes | On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine. Gary and Gillian discuss how much people really need to know about security going on behind the scenes, how usability affects the health records security, whether or not surveillance changes how 20-somethings act in public (including on the net), and how having more women technologists positively impacts the humanization of technology. Transcript of this episode [PDF] Gillian Hayes Social and technological action research (STAR) Ben Shneiderman National Center for Women and Information Technology The Discovery of Heaven | 9/25/09 | Free | View In iTunes |
|
30 |
Show 041 – An Interview with Fred Schneider | On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace. On the show, Gary and Fred discuss the relationship between security and reliability, diversity as a security mechanism, and the continuum of attack categories from configuration problems, to bugs, to flaws, to trust issues. Fred briefly discusses Pointillism at the end of the show. Transcript of this episode [PDF] Fred B. Schneider IEEE Security and Privacy 7, 1 (January/February 2009) [PDF], 14–17. With Ken Birman. Trust in Cyberspace Pointillism (Seurat) | 8/21/09 | Free | View In iTunes |
| 31 | Show 040 – An Interview with Bob Blakley | Industry Leaders In Application Security & Research | 7/17/09 | Free | View In iTunes |
|
32 |
Show 039 – An Interview with Matt Blaze | For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration’s “cyber coordinator” plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security. Matt’s musical tastes are also briefly touched on. Matt Blaze Matt Blaze – Wikipedia Matt Blaze’s Exhaustive Search – Matt’s blog Safecracking, Secrecy and Science Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks – IEEE Security & Privacy, March/April 2003 RSA panel on Surveillance Silver Bullet 11: Dorothy Denning Trust Management Signaling Vulnerabilities in Wiretapping Systems – IEEE Security & Privacy, November/December 2005, by M. Sherr, E. Cronin, S. Clark and M. Blaze. Eno/Byrne: Everything That Happens Will Happen Today | 6/17/09 | Free | View In iTunes |
|
33 |
Show 038 – An Interview with Kay Connelly | For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the “presence clock” and the portal monitor), and Kay’s advice to women interested in pursuing a career in computer science. Kay Connelly E.T.H.O.S. – Ethical Technology in the Homes of Seniors Crafting a Smarter, Gentler Cell Phone – NPR story featuring Kay Connelly Why It’s Worth the Hassle: The Value of In-Situ Studies When Designing Ubicomp [PDF] Silver Bullet #7: John Stewart Silver Bullet #15: Annie Antón HIPAA Ambient (Presence) Clock Portal Monitor The Song Is You: A Novel by Arthur Phillips I Was Told There’d Be Cake by Sloane Crosley | 5/19/09 | Free | View In iTunes |
|
34 |
Show 037 – An Interview with Virgil Gligor | On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security. They close out with a discussion of Virgil’s breakfast-eating habits. Transcript of this episode [PDF] Virgil D. Gligor (@ Carnegie Mellon) CyLab Electrical and Computer Engineering at Carnegie Mellon University Building a Secure Computer System Foreign Intelligence Surveillance Act Software Security Comes of Age RSA panel to discuss surveillance, privacy concerns Computer Security: Art and Science by Matt Bishop Towards a Theory of Penetration-Resistant Systems and its Applications (1991) A Formal Method for the Identification of Covert Storage Channels in Source Code (1987) | 4/21/09 | Free | View In iTunes |
|
35 |
Show 036 – An Interview with Gary McGraw (by James McGovern) | We switch things up for this special third anniversary episode of Silver Bullet. This time around, Gary is the victim, being interviewed by James McGovern, Enterprise Architect for The Hartford Financial Services Group, Inc. and OWASP maven. Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use. Transcript of this episode [PDF] Enterprise Architecture: From Incite comes Insight… – James McGovern’s blog Gary McGraw’s site Software Security: Building Security In Building Security In Maturity Model (BSIMM) Gartner releases paper on Static Analysis – James’ blog entry on Gartner Cigital’s John Steven to lead OWASP Northern Virginia Local Chapter (press release) | 3/18/09 | Free | View In iTunes |
|
36 |
Show 035 – An Interview with Daniel Suarez | On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare a war on all of humanity. They talk about Daniel’s new book and the movie options attached to it, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the current state of AI, and the follow-up to Daemon, Freedom TM. Daemon Daniel on Last call with Carson Daly Al-Qaeda in Second Life Distraction by Bruce Sterling Halting State by Charles Stross Bot-Mediated Reality at the Long Now Foundation Wired for War by P.W. Singer | 2/23/09 | Free | View In iTunes |
|
37 |
Show 034 – An Interview with Bill Brenner | On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine. Gary and Bill discuss how delivering the security message changes based on the audience (executives versus geeks and CSO’s versus CIO’s), the much-exaggerated death of print media, and balancing headline-grabbing sensationalism with solid security business coverage. They close out their interview with a discussion of Bill’s favorite period of history. Bill Brenner at CSO Online Bill Brenner on LinkedIn Bill Brenner on Facebook Security Wire Weekly Security Insights Podcast 1 Raindrop – Gunnar Peterson’s blog. Silver Bullet interviews with Jon Swartz, USA Today, Dennis Fisher, Tech Target, and Jeremiah Grossman, Whitehat | 1/14/09 | Free | View In iTunes |
|
38 |
Ad: Reality Check Security Podcast | We’re happy to announce the debut of The Reality Check Security Podcast with Gary McGraw: The Reality Check Podcast with Gary McGraw focuses directly on software security practitioners and practical software security. Reality Check’s sister podcast, the Silver Bullet Security Podcast with Gary McGraw, follows a free form interview style tailored highlight the ideas and experience of security gurus. By contrast, Reality Check is concerned with practical questions centered on running large-scale software security initiatives in the real world. Reality Check targets experienced leaders working to solve software security problems in large organizations every day. We use a standard script to guide each conversation with questions about history, methodology, best practice, and measurement. We plan to interview leaders of mature software security programs and leaders of programs just getting started. | 1/6/09 | Free | View In iTunes |
| 39 | Show 033 – An Interview with Laurie Williams | On the 33rd episode of The Silver Bullet Security Podcast, Gary talks with Laurie Williams, Associate Professor of Computer Science at North Carolina State University. Gary and Laurie discuss Laurie’s nine years at IBM, Agile’s adoption in the commercial space, XP and software security, and what changes Laurie would make to the standard computer science curriculum to better prepare students. Laurie Williams Empirical Software Engineering Protection Poker tutorial Is Complexity Really the Enemy of Software Security? [PDF] Silver Bullet interview with Adam Shostack Law of Attraction audiobook | 12/22/08 | Free | View In iTunes |
| 40 | Show 032 – An Interview with Jeremiah Grossman | The 32nd episode of The Silver Bullet Security Podcast features founder and Chief Technology Officer of WhiteHat Security, Jeremiah Grossman. Gary and Jeremiah discuss clickjacking, cross-site request forgery, why 50% of web application vulnerabilities can’t be found reliably by automated scanning, and which conferences Jeremiah most enjoyed on his 2008 world tour. Transcript of this episode [PDF] Jeremiah Grossman Clickjacking Adobe 0-day Browser Exploit Cross-Site Request Forgeries: Exploitation and Prevention [PDF] Web Spoofing: An Internet Con Game by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach. Web application scan-o-meter The “Wall of Fame” | 11/13/08 | Free | View In iTunes |
| 41 | Show 031 – An Interview with Matt Bishop | Industry Leaders In Application Security & Research | 10/20/08 | Free | View In iTunes |
| 42 | Show 030 – An Interview with Ken van Wyk | On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates. Ken was the first employee of CERT and has been an active member of FIRST. Ken and Gary discuss why the discipline of computer science doesn’t learn from failure the way mechanical engineering does, how we’re taking steps backwards in computer security, whether focusing on web applications is a good or bad thing for software security, and Ken’s recommendation for moderately priced red wines. Ken’s personal page KRvW Associates CERT FIRST Secure Coding Incident Response SC-L mailing list From the foreword to Secure Programming with Static Analysis – blog entry with photo of Tacoma Narrows Bridge TJX’s stock increase since the January 2007 security breach The Addison-Wesley Software Security Series Barbera D’Asti wines | 9/26/08 | Free | View In iTunes |
| 43 | Show 029 – An Interview with Dennis Fisher | On the 29th episode of The Silver Bullet Security Podcast, Gary talks with Dennis Fisher, executive editor of The Security Media Group at TechTarget. Dennis helps run SearchSecurity.com and Information Security Magazine. Gary and Dennis discuss the current “BS factor” in security journalism, shopping at TJ Maxx right after the TJX privacy breach, the state of software security, and which is harder: being a fry cook at Hardees or working as a PR flack. Dennis’ blog TJX Joe Walsh plays dirty laundry Software Security Grows Dennis’ un-named podcast Series of Tubes Hardees Nike/iPod | 8/18/08 | Free | View In iTunes |
| 44 | Show 028 – An Interview with Bill Cheswick | On the 28th episode of The Silver Bullet Security Podcast, Gary interviews Bill Cheswick, a lead member of technical staff at AT&T Research and all-around security guru. Bill has been working in computer security for over 35 years. He coined the term “proxy” in 1990 with reference to firewalls, and co-authored the book Firewalls and Internet Security, which was used to train an entire generation of sysadmins. Gary and Bill discuss whether we’re winning or losing the computer security war, how security threats have evolved from pimply-faced teenagers to organized crime, whether we should move security into “the cloud,” and whether re-naming “Christmas lights” to “solstice lights” would bypass NJ holiday decoration ordinances. Transcript of this episode [PDF] Bill Cheswick AT&T Research Lumeta FWIS “The Design of a Secure Internet Gateway” (Usenix 1990, coining of “proxy”) The Apache web server Turtles all the Way Down Ed Amoroso’s Silver Bullet Podcast (use blink test to compare) Solstice Lights | 7/15/08 | Free | View In iTunes |
| 45 | Show 027 – An Interview with Gunnar Peterson | On the 27th episode of The Silver Bullet Security Podcast, Gary interviews software security expert Gunnar Peterson, a Managing Principal at Arctec Group. Gary and Gunnar begin with the age-old question, “What is security?” They go on to discuss how Web 2.0 and SOA security is progressing, the big idea behind “federated identity,” whether all market verticals can follow the software security lead of the financial services industry, and the inherent badness of the color purple. Transcript of this episode [PDF] Build Security In column from IEEE S&P Gunnar’s Blog informIT (Securing Web 3.0) Metricon 3.0 Butler Lampson on Security Federated Identity Ping Identity Gerald Weinberg Verizon Business Security: Patching Conundrum | 6/18/08 | Free | View In iTunes |
| 46 | Show 026 – An Interview with Adam Shostack | The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam’s current work, and the main ideas behind Adam’s new book The New School of Information Security. They go on to chat about Adam’s aversion to the term “best practices,” the role IEEE Security & Privacy magazine plays in bringing the science of security to a practical level, and whether the biggest problem of the CardSystems breach was following the letter, rather than the spirit, of PCI. Also on the agenda, duck-billed platypuses, Kandinsky, and books by Pynchon. (Beginning with this episode, Silver Bullet will be available as a 192k MP3.) Transcript of this episode [PDF] Emergent Chaos blog The New School of Information Security Microsoft’s SDL Cigital’s Touchpoints IEEE Security & Privacy magazine Wassily Kandinsky The CardSystems breach (2005) Thomas Pynchon | 5/15/08 | Free | View In iTunes |
| 47 | Show 025 – An Interview with Jon Swartz | Jon Swartz, USA Today’s award-winning technology reporter and Pulitzer Prize nominee, is Gary’s guest on the 25th episode of The Silver Bullet Security Podcast. They discuss Jon’s new book, Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, and the research that went into writing it. Gary and Jon also cover how cybercrime is driven by capitalist principles, why the general public’s attitude is so lax about software security, and how, even though it’s hard to get an accurate count of identity theft instances, the numbers tend to show a sharp upward trend. Jon ends the episode by disclosing his secret dream career. (Apologies for the below-average sound quality on this episode.) Transcript of this episode [PDF] Zero Day Threat Jon’s USA Today articles Three recent articles: Microsoft still seen with a win Online crime’s impact spreads AOL, News Corp. join battle over Yahoo The New Face of Cybercrime trailer | 4/18/08 | Free | View In iTunes |
| 48 | Show 024 – An Interview with Mary Ann Davidson | Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast. Gary and Mary Ann discuss how an MBA helps in the CSO role, Oracle’s “Unbreakable” campaign, why everyone needs training in secure coding, and how military history informs computer security. They also talk about how a young CSO-to-be got her first library card. Mary Ann Davidson’s blog Unbreakable Linux Lone Survivor | 3/14/08 | Free | View In iTunes |
| 49 | Show 023 – An Interview with Chris Wysopal | On the 23rd episode of The Silver Bullet Security Podcast, Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing. Chris was one of the seven original members of the L0pht hacker collective (operating under the hacker handle Weld Pond) and later went on to work for @stake. Gary and Chris reminisce about L0pht (and the warehouse full of stuff) and discuss the role of security researchers now versus in the mid-to-late ’90s. They also talk about the current state of the software security market and its continued growth. Chris’ Wikipedia entry The Art of Software Security Testing Veracode Zero in a bit – Veracode’s blog L0pht Heavy Industries Vulnwatch SOURCE: Boston 2008 | 2/19/08 | Free | View In iTunes |
| 50 | Show 022 – An Interview with Ed Amoroso | On the 22nd episode of The Silver Bullet Security Podcast, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T. They discuss how Peter Neumann influenced Ed; the difference between bugs and flaws and whether bugs are getting too much attention; the propensity for confusion around how security actually works; privacy, security, and monitoring; and software correctness/quality versus software security. They also discuss the Hugh Thompson show now airing on AT&T’s Tech Channel. Transcript of this episode [PDF] Cyber Security Fundamentals of Computer Security Technology Silver Bullet Interview with Peter Neumann AT&T’s Tech Channel Gary on The Hugh Thompson Show | 1/23/08 | Free | View In iTunes |
| 51 | Show 021 – A Panel Discussion with Cigital’s Principals | For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Cigital’s principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant) and Pravir Chandra (Principal Consultant). The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints. They also ponder how much the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent. Transcript of this episode [PDF] Justice League blog Threat Modeling – a blog entry by John Steven OWASP Top 10 for 2007 OWASP The Shmoo Group | 12/21/07 | Free | View In iTunes |
| 52 | Show 020 – An Interview with Markus Jakobsson | For the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, soon to be a researcher at PARC after a stint as an Associate Professor of Informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University. Gary and Markus discuss the difference between academic and corporate research, the idea of “perfect privacy,” moving from hardcore cryptography to sociology, how reality is mimicking phishers, and how cartoons can be used to teach security. In addition, Markus mentions the best place in Southeast Asia to get a haircut. Markus @ Indiana Markus @ Wikipedia – he’s “orphaned”! RavenWhite SecurityCartoon.com Crimeware Phishing and Countermeasures Using Cartoons to Teach Internet Security | 11/16/07 | Free | View In iTunes |
| 53 | Show 019 – An Interview with Mikko Hyppönen | For the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure. During this show, Gary and Mikko discuss Helsinki and Finnish pronunciation, whether mobile viruses are all hype or a legitimate threat, if the iPhone as a closed system is good or bad for security, and Mikko’s prediction for the appearance of the first mobile botnet. They also chat about Finnish hip-hop. Transcript of this episode [PDF] Mikko Hyppönen Mikko Hyppönen – Wikipedia F-Secure Mobile Malware – Mikko’s USENIX 2007 talk, both audio and video (scroll down a bit) Xevious The FSMCs | 10/18/07 | Free | View In iTunes |
| 54 | Show 018 – An Interview with Eugene Spafford | On the 18th episode of The Silver Bullet Security Podcast, Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of Computer Science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization. Transcript of this episode [PDF] Dr. Eugene Spafford Spaf’s blog at CERIAS Gene Spafford – Wikipedia CERIAS – Center for Education and Research in Information Assurance and Security Mothra – Mutation testing PITAC – President’s Information Technology Advisory Committee What did you really expect? – Spaf’s post on “reformed hackers” The Internet Worm Program: An Analysis Yucks Digest | 9/25/07 | Free | View In iTunes |
| 55 | Show 017 – An Interview with Eric Cole | On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demonstrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training make for good network security practitioners. They also discuss the difficulty of certifying software developers. Secure Anchor Security Haven Stego-marking packets to control information leakage on TCP/IP based networks – Eric’s dissertation | 8/24/07 | Free | View In iTunes |
| 56 | Show 016 – An Interview with Greg Hoglund | On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, is CEO of HB Gary, and co-authored Rootkits: Subverting the Windows Kernel and Exploiting Software. In addition to shameless self-promotion of their new book, Exploiting Online Games, Gary and Greg discuss the natural tendency of certain types of code to allow exploits, why disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the “good guys.” Greg also makes us concerned that his 11-year-old daughter may 0wn our box. Rootkit.com HB Gary Greg’s Blackhat presentation from 2006: Hacking World of Warcraft(r): An Exercise in Advanced Rootkit Design [rar, 2.35M] Exploiting Online Games AWL Software Security Series | 7/12/07 | Free | View In iTunes |
| 57 | Show 015 – An Interview with Annie Antón | On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, Associate Professor of Software Engineering at North Carolina State University and director of theprivacyplace.org. During their discussion, Annie and Gary focus on privacy. They start with an attempt to define what “privacy” is in the digital world, moving on to Annie’s work with The Privacy Place. Annie also discusses airlines’ pretty much pitiful privacy policies, the impact that a Google/Doubleclick deal would have on consumer privacy, crazy talk in EULAs, and the book Letters to a Young Catholic (which has nothing to do with privacy). A partial transcript of the interview in IEEE Security & Privacy Annie I. Antón The Privacy Place The ChoicePoint Data Security Breach Letters to a Young Catholic | 6/19/07 | Free | View In iTunes |
| 58 | Show 014 – An Interview with Peter Neumann | The 14th episode of The Silver Bullet Security Podcast features Peter Neumann, designer of the Multics OS file system, moderator of comp.RISKS, and Principal Scientist at the SRI Computer Science Laboratory. In this show, Gary and Peter discuss the most important changes in computer security since the 1960s, the discipline involved in early Multics engineering (“nobody writes a line of code without the approving authorities [having] read and understood the specification”), why DRM is the “wrong solution to the wrong problem,” and who was more interesting to meet: Albert Einstein or Norah Jones. Peter Neumann comp.RISKS Computer-Related Risks Multics A General-Purpose File System For Secondary Storage – Peter’s 1965 paper on Multics Multics History Project The Brooklyn Boogaloo Blowout | 5/22/07 | Free | View In iTunes |
| 59 | Show 013 – An Interview with Ross Anderson | On the 13th episode of The Silver Bullet Security Podcast, Gary chats with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering. Gary and Ross discuss the effect of posting his excellent book on the net for free, the simple reasons why most systems fail, the economic imbalance between engineers/developers and a system’s users (with respect to who should address security), and why publicly describing attacks is essential to security engineering. They close out by examining the security implications of wearing a kilt. Transcript of this episode [PDF] Ross Anderson Light Blue Touchpaper – A security blog by Cambridge computer scientists. Security Engineering – Ross’ groundbreaking book in print and online WEIS 2007 – Sixth Workshop on the Economics of Information Security RFID and the Middleman [PDF] The Clan Anderson Society Ross playing the bagpipes | 4/13/07 | Free | View In iTunes |
| 60 | Show 012 – An Interview with Becky Bace | On the 12th episode of The Silver Bullet Security Podcast, Gary talks with Becky Bace, Advisor to Venture Capital firm Trident Capital. Becky spent twelve years at the NSA working on intrusion detection and cryptography, from 1984 until 1996, followed by a stint at Los Alamos National Laboratory. Gary and Becky discuss growing up in rural America, explosives, and Becky’s Jimmy Hoffa-sponsored college funding situation. They also talk about the evolution of security curricula in academia, rampant commercialization of computer security, Becky’s involvement in tracking down the notorious Kevin Mitnick, Vicodin-induced creativity, and eclectic music. Transcript of this episode [PDF] Who’s Who in Infosec: Rebecca Bace Trident Capital – The VC firm where Becky is an advisor The IDS Den Mother – a 2002 interview Los Alamos National Labs Intrusion Detection A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness – Co-authored with Fred Smith Executive Women’s Forum Frank Sinatra The Kinsey Sicks | 3/13/07 | Free | View In iTunes |
| 61 | Show 011 – An Interview with Dorothy Denning | On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothy’s involvement in the Clipper Chip controversy (which earned Dorothy the moniker “clipper chick”), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers. Transcript of this episode [PDF] Wikipedia: Dorothy Denning Clipper Chip (More) Clipper Chick – a 1996 Wired article about the Clipper Chip controversy. The Future of Cryptography Location-Based Authentication: Grounding Cyberspace for Better Security – A 1996 paper by Dorothy Denning and Peter F. MacDoran about geo-encryption. Concerning Hackers Who Break into Computer Systems – Dorothy’s 1990 paper. Big Sur Power Walk | 2/15/07 | Free | View In iTunes |
| 62 | Show 010 – A Panel Discussion with Fortify Software’s Technical Advisory Board | The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board, several of whom have been featured on previous episodes. The group discusses what commercial software tools can learn from academic research, the state of software security in China, real-world lessons learned while using static analysis tools, and software security pedagogy. Participating members of the Technical Advisory Board include: Bill Pugh, Professor at University of Maryland, static analysis for finding bugs; Li Gong, GM at Microsoft, MSN in China; Marcus Ranum, CSO of Tenable Network Security, security products trainer; Avi Rubin, Professor at Johns Hopkins, electronic voting security; Fred Schneider, Professor at Cornell, trustworthy computing; Greg Morrisett, Professor at Harvard, dependent type theory; Matt Bishop, Professor at UC Davis, computer security; Dave Wagner, Professor at Berkeley, software security and electronic voting. A complete transcript of this podcast will be available soon from Fortify at http://www.fortify.com/silverbullet. | 1/22/07 | Free | View In iTunes |
| 63 | Show 009 – An Interview with Bruce Schneier | In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier. Bruce is the founder and CTO of Counterpane and is regarded as the “uber-guru” of computer security. He has written eight bestselling books, most recently Beyond Fear: Thinking Sensibly About Security in an Uncertain World, and is the editor of the massively popular Crypto-Gram mailing list. In this episode, Gary and Bruce discuss the connection between physical security and its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss Patch Tuesday, hack Wednesday, and Microsoft’s approach to software security. Bruce’s Wikipedia entry Bruce’s books Bruce’s recent restaurant reviews Counterpane Crypto-Gram security podcast Property Rights Management – Ed Felten’s discussion of PRM, mentioned on the show Copyright Mythbusters: Believe It or Not, Fair Use Exists – a look at the “fair use doesn’t exist” argument BBC plans attacked for ‘TV tax’ (March 14, 2006) Bruce’s suggestion for “cheap” wines: Loire wines, Provence Wines, Southern Rhone wines | 12/14/06 | Free | View In iTunes |
| 64 | Show 008 – An Interview with Brian Chess | In the eighth episode of The Silver Bullet Podcast, Gary talks with Brian Chess, co-founder and chief scientist of Fortify Software. Brian completed his computer science Ph.D. at UC Santa Cruz after several years in the commercial sector. Gary and Brian discuss what commercial developers and academics have to learn from each other, what it’s like to work for a Kleiner-Perkins startup (KP is the VC firm behind familiar names like Google, Amazon, and Sun), and how mystifying it is that some developers are OK with XSS vulnerabilities in their web applications. Fortify Software extra – Fortify’s software security blog Matt Bishop’s Computer Security: Art and Science (mentioned again!) Kleiner Perkins Caufield & Byers DIMACS Workshop on Software Security with Brian Kernighan Brian as a wee lad | 11/17/06 | Free | View In iTunes |
| 65 | Show 007 – An Interview with John Stewart | In the seventh episode of The Silver Bullet Podcast, Gary interviews Cisco Chief Security Officer John Stewart. Gary and John discuss what CSOs do all day, how John got started in computer security, and the infamous Morris Worm from 1988 (which John was deeply involved in while a student at Syracuse). John and Gary also revisit Cisco-gate, talk about how John’s identity was stolen, and determine why John’s kids don’t have e-mail addresses. Transcript of this episode [PDF] Executive Perspective: John Stewart on Vulnerability Disclosure Wikipedia: CSO Digital Island The What, Why, and How of the 1988 Internet Worm – a look at the history of the Morris Worm Cisco-gate Five Ways to Fight ID Theft – John talks about finding himself a victim of identity theft; see also: the motorcycle he was trying to buy when he found out John Stewart, but not the one Gary interviews (and not the one you’re thinking of) | 10/25/06 | Free | View In iTunes |
| 66 | Show 006 – An Interview with Michael Howard | The sixth episode of the show features an interview with Michael Howard, the Senior Security Program Manager of Microsoft’s Security Technology Unit. Michael has been at Microsoft since 1992 and discusses what it has been like watching the company come to grips with software security. Michael continues to play a key role in implementing the Trustworthy Computing Initiative at Microsoft. Gary and Michael also discuss the security features of Windows Vista and Michael’s recommendations for the two most important best practices when developing secure software. Listen for a startling revelation about Michael’s choice of a “desert island book.” Michael Howard’s blog Writing Secure Code by Michael Howard Wikipedia: Defense in Depth Microsoft’s Trustworthy Computing Security Development Lifecycle Matt Bishop’s computer security books – These would go with Michael to a desert island. Michael Howard – but not the one Gary interviewed. | 9/28/06 | Free | View In iTunes |
| 67 | Show 005 – An Interview with Ed Felten | The fifth edition of the Silver Bullet Security Podcast features Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and the Director of the Center for Information Technology Policy. Gary and Ed take a look at Ed’s predictions for 2006 and how he’s faring so far, and then discuss Ed’s relationship with his former adversaries. They also talk about how to discuss difficult technology issues with lawmakers and the importance of public policy and the law to computer scientists. Ed also outlines the challenges of raising a bright 11-year-old. A partial transcript of the interview in IEEE Security & Privacy Freedom to Tinker – Ed Felten’s blog Ed’s Predictions for 2006 Wikipedia: Series of Tubes Subscribe to IEEE Security & Privacy | 8/28/06 | Free | View In iTunes |
| 68 | Show 004 – An Interview with Dana Epp | In the fourth episode of the Silver Bullet Security Podcast, Gary’s guest is Dana Epp, CEO and founder of Scorpion Software. Dana also runs a popular software security blog and is a jazz trumpeter. On this show, Dana and Gary talk about past programming disasters (“code lives forever”), the security implications of systems with ever-increasing complexity, suggestions for new developers interested in learning about software security, regulation’s role in information security, and Miles Davis. SilverStr’s blog – Dana’s blog It’s Pat! RemoteAccess BBS The 5 Rules of the Regulatory Process Chris Botti SC-L List Bitches Brew Subscribe to IEEE Security & Privacy | 7/31/06 | Free | View In iTunes |
| 69 | Show 003 – An Interview with Marcus Ranum | Industry Leaders In Application Security & Research | 7/14/06 | Free | View In iTunes |
| 70 | Show 002 – An Interview with Dan Geer | In this episode of the Silver Bullet Security Podcast, Gary chats with Dan Geer, Chief Scientist at Verdasys. Dan has a Ph.D. in biostatistics from Harvard. He and Gary discuss the need to understand both technology and business in order to be a good security practitioner, Dan’s paper Cyber Insecurity, his work on Project Athena, and livestock. A partial transcript of the interview in IEEE Security & Privacy Dan Geer on Wikipedia Cyber Insecurity: The Cost of Monopoly (PDF) Project Athena on Wikipedia How Much Information 2003 Subscribe to IEEE Security & Privacy | 6/12/06 | Free | View In iTunes |
| 71 | Show 001 – An Interview with Avi Rubin | In the debut episode of the Silver Bullet Security Podcast, Gary talks with Avi Rubin, professor of computer science and technical director of the Information Security Institute at Johns Hopkins University. Avi made headlines in 2003 when he revealed glitches in Diebold electronic voting machines. Links: A partial transcript of the interview in IEEE Security & Privacy Avi’s site Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, Avi’s forthcoming book ACCURATE – A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections Froot Loops and Corn Flakes Subscribe to IEEE Security & Privacy | 4/19/06 | Free | View In iTunes |
| Total: 71 Episodes |
Customer Reviews
excellent
By far one of the best things to listen to on your way back from work, even if you’re not a software professional. I would gladly pay for this if I had to. Keep up the good work.