April 18th, 2008

Jon Swartz, USA Today’s award-winning technology reporter and Pulitzer Prize nominee, is Gary’s guest on the 25th episode of The Silver Bullet Security Podcast. They discuss Jon’s new book, Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity and the research that went into writing it. Gary and Jon also cover how cybercrime is driven by capitalist principals, why the general public’s attitude is so lax about software security, and how, even though it’s hard to get an accurate count of identity theft instances, they tend to show a sharp upward trend. Jon ends the episode by disclosing his secret dream career.
(Apologies for the below-average sound quality on this episode.)

Show 025 - An Interview with Jon Swartz [27:49m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 4 Comments »
March 14th, 2008

Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast. Gary and Mary Ann discuss how an MBA helps in the CSO role, Oracle’s “Unbreakable” campaign, why everyone needs training in secure coding, and how military history informs computer security. They also talk about how a young CSO-to-be got her first library card.

Show 024 - An Interview with Mary Ann Davidson [28:45m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 4 Comments »
February 19th, 2008

On the 23rd episode of The Silver Bullet Security Podcast, Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing. Chris was one of the seven original members of the L0pht hacker collective (operating under the hacker handle Weld Pond) and later went on to work for @stake. Gary and Chris reminisce about L0pht (and the warehouse full of stuff) and discuss the role of security researchers now versus in the mid-late ’90s. They also talk about the current state of the software security market and its continued growth.

Show 023 - An Interview with Chris Wysopal [24:48m]:
Play Now |
Play in Popup |
Download
Posted in Shows | No Comments »
January 23rd, 2008

On the 22nd episode of The Silver Bullet Security Podcast, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T. They discuss how Peter Neumann influenced Ed, the difference between bugs and flaws and whether bugs are getting too much attention, the propensity for confusion around how security actually works, privacy, security, and monitoring, and software correctness/quality vs software security. They also discuss the Hugh Thompson show now airing on AT&T’s Tech Channel.

Show 022 - An Interview with Ed Amoroso [32:25m]:
Play Now |
Play in Popup |
Download
Posted in Shows | No Comments »
December 21st, 2007

For the 21st episode of The Silver Bullet Security Podcast, Gary hosts a panel discussion with Cigital’s principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant) and Pravir Chandra (Principal Consultant). The group discusses the best ways for large companies to get started with software security and the similarities between CLASP, Microsoft’s SDL, and the Security Touchpoints. They also ponder how much the security testing burden should fall on QA and whether developing expertise in architectural risk analysis or threat modeling is more helpful. John Steven also discusses the hole in his dining room, which threat modeling would not have helped to prevent.

Show 021 - A Panel Discussion with Cigital's Principals [23:35m]:
Play Now |
Play in Popup |
Download
Posted in Shows | No Comments »
December 21st, 2007
Get the Flash Player to see this player.
Posted in Site news | No Comments »
November 16th, 2007

For the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, soon to be a reseacher at PARC after a stint as an Associate Professor of Informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University. Gary and Markus discuss the difference between academic and corporate research, the idea of “perfect privacy,” moving from hardcore cryptography to sociology, how reality is mimicking phishers, and how cartoons can be used to teach security. In addition, Markus mentions the best place in Southeast Asia to get a haircut.

Show 020 - An Interview with Markus Jakobsson [24:29m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 1 Comment »
October 18th, 2007

For the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure. During this show, Gary and Mikko discuss Helsinki and Finnish pronunciation, whether mobile viruses are all hype or a legitimate threat, if the iPhone as a closed system is good or bad for security, and Mikko’s prediction for the appearance of the first mobile botnet. They also chat about Finnish hip-hop.

Show 019 - An Interview with Mikko Hyppönen [22:11m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 1 Comment »
September 25th, 2007

On the 18th episode of The Silver Bullet Security Podcast, Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.

Show 018 - An Interview with Eugene Spafford [28:08m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 1 Comment »
August 24th, 2007

On the 17th episode of The Silver Bullet Security Podcast, Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demostrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.

Show 017 - An Interview with Eric Cole [29:23m]:
Play Now |
Play in Popup |
Download
Posted in Shows | 2 Comments »