For the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration’s “cyber coordinator” plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security. Matt’s musical tastes are also briefly touched on.

• Matt Blaze
• Matt Blaze - Wikipedia
• Matt Blaze’s Exhaustive Search - Matt’s blog
• Safecracking, Secrecy and Science
• Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks - IEEE Security & Privacy, March/April 2003
• RSA panel on Surveillance
• Silver Bullet 11: Dorothy Denning
• Trust Management
• Signaling Vulnerabilities in Wiretapping Systems - IEEE Security & Privacy, November/December 2005, by M. Sherr, E. Cronin, S. Clark and M. Blaze.
• Eno/Byrne: Everything That Happens Will Happen Today

 

 Show 039 - An Interview with Matt Blaze [32:36m]: Play Now | Play in Popup | Download

For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the “presence clock” and the portal monitor), and Kay’s advice to women interested in pursuing a career in computer science.

• Kay Connelly
• E.T.H.O.S. - Ethical Technology in the Homes of Seniors
• Crafting a Smarter, Gentler Cell Phone - NPR story featuring Kay Connelly
• Why It’s Worth the Hassle: The Value of In-Situ Studies When Designing Ubicomp [PDF]
• Silver Bullet #7: John Stewart
• Silver Bullet #15: Annie Antón
• HIPAA
• Ambient (Presence) Clock
• Portal Monitor
• The Song Is You: A Novel by Arthur Phillips
• I Was Told There’d Be Cake by Sloane Crosley

 

 Show 038 - An Interview with Kay Connelly [25:14m]: Play Now | Play in Popup | Download

On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security. They close out with a discussion of Virgil’s breakfast-eating habits.

• Virgil D. Gligor (@ Carnegie Mellon)
• CyLab
• Electrical and Computer Engineering at Carnegie Mellon University
• Building a Secure Computer System
• Foreign Intelligence Surveillance Act
• Software Security Comes of Age
• RSA panel to discuss surveillance, privacy concerns
• Computer Security: Art and Science by Matt Bishop
• Towards a Theory of Penetration-Resistant Systems and its Applications (1991)
• A Formal Method for the Identification of Covert Storage Channels in Source Code (1987)

 

 Show 037 - An Interview with Virgil Gligor [27:10m]: Play Now | Play in Popup | Download

We switch things up for this special third anniversary episode of Silver Bullet. This time around, Gary is the victim, being interviewed by James McGovern, Enterprise Architect for The Hartford Financial Services Group, Inc. and OWASP maven. Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use.

• Transcript of this episode [PDF]
• Enterprise Architecture: From Incite comes Insight… - James McGovern’s blog
• Gary McGraw’s site
• Software Security: Building Security In
• Building Security In Maturity Model (BSIMM)
• Gartner releases paper on Static Analysis - James’ blog entry on Gartner
• Cigital’s John Steven to lead OWASP Northern Virginia Local Chapter (press release)

 

 Show 036 - An Interview with Gary McGraw (by James McGovern) [34:34m]: Play Now | Play in Popup | Download

On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare a war on all of humanity. They talk about Daniel’s new book and the movie options attached to it, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the current state of AI, and the follow-up to Daemon, Freedom ^TM.

• Daemon
• Daniel on Last call with Carson Daly
• Al-Qaeda in Second Life
• Distraction by Bruce Sterling
• Halting State by Charles Stross
• Bot-Mediated Reality at the Long Now Foundation
• Wired for War by P.W. Singer

 

 Show 035 - An Interview with Daniel Suarez [25:16m]: Play Now | Play in Popup | Download

On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine. Gary and Bill discuss how delivering the security message changes based on the audience (executives versus geeks and CSO’s versus CIO’s), the much-exaggerated death of print media, and balancing headline-grabbing sensationalism with solid security business coverage. They close out their interview with a discussion of Bill’s favorite period of history.

• Bill Brenner at CSO Online
• Bill Brenner on LinkedIn
• Bill Brenner on Facebook
• Security Wire Weekly
• Security Insights Podcast
• 1 Raindrop - Gunnar Peterson’s blog.
• Silver Bullet interviews with Jon Swartz, USA Today, Dennis Fisher, Tech Target, and Jeremiah Grossman, Whitehat

 

 Show 034 - An Interview with Bill Brenner [27:48m]: Play Now | Play in Popup | Download

We’re happy to announce the debut of The Reality Check Security Podcast with Gary McGraw:

The Reality Check Podcast with Gary McGraw focuses directly on software security practitioners and practical software security. Reality Check’s sister podcast, the Silver Bullet Security Podcast with Gary McGraw, follows a free form interview style tailored highlight the ideas and experience of security gurus. By contrast, Reality Check is concerned with practical questions centered on running large-scale software security initiatives in the real world.

Reality Check targets experienced leaders working to solve software security problems in large organizations every day. We use a standard script to guide each conversation with questions about history, methodology, best practice, and measurement. We plan to interview leaders of mature software security programs and leaders of programs just getting started.

 

 Ad: Reality Check Security Podcast [0:51m]: Play Now | Play in Popup | Download

On the 33rd episode of The Silver Bullet Security Podcast, Gary talks with Laurie Williams, Associate Professor of Computer Science at North Carolina State University. Gary and Laurie discuss Laurie’s nine years at IBM, Agile’s adoption in the commercial space, XP and software security, and what changes Laurie would make to the standard computer science curriculum to better prepare students.

• Laurie Williams
• Empirical Software Engineering
• Protection Poker tutorial
• Is Complexity Really the Enemy of Software Security? [PDF]
• Silver Bullet interview with Adam Shostack
• Law of Attraction audiobook

 

 Show 033 - An Interview with Laurie Williams [23:39m]: Play Now | Play in Popup | Download

The 32nd episode of The Silver Bullet Security Podcast features founder and Chief Technology Officer of WhiteHat Security, Jeremiah Grossman. Gary and Jeremiah discuss clickjacking, cross-site request forgery, why 50% of web problems can’t be discovered reliably automatically, and which conferences Jeremiah most enjoyed on his 2008 world tour.

• Transcript of this episode [PDF]
• Jeremiah Grossman
• Clickjacking
• Adobe 0-day Browser Exploit
• Cross-Site Request Forgeries: Exploitation and Prevention [PDF]
• Web Spoofing: An Internet Con Game by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach.
• Web application scan-o-meter
• The “Wall of Fame”

 

 Show 032 - An Interview with Jeremiah Grossman [29:20m]: Play Now | Play in Popup | Download

On the 31st episode of The Silver Bullet Security Podcast, Gary talks with Matt Bishop, professor of Computer Science at UC Davis and author of the book Computer Security: Art and Science as well as many peer-reviewed papers. Gary and Matt discuss Matt’s plan to work security analysis and secure coding into a wider computer science cirriculum, Matt’s early work with Mike Dilger on TOCTOU, whether or not progress is being made in the field of software security, and the role of training in large-scale software security initiatives. Their chat closes with a mention of Matt’s home menagerie (which does not include any one-legged chickens at this time).

• Transcript of this episode
• Matt Bishop
• IEEE Security & Privacy Magazine
• Computer Security: Art and Science
• Silver Bullet Security Podcast interview with Dorothy Denning
• Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security (the “Ware Report” referred to in the podcast)
• Secure Computer Systems: Mathematical Foundations - The Bell Lapadula model [PDF]
• Secure Computer System: Unified Exposition and Multics Interpretation [PDF]
• Testing C Programs for Buffer Overflow Vulnerabilities - Eric Haugh, Matt Bishop [PDF]
• TOCTOU
• Checking for Race Conditions in File Accesses by Matt Bishop and Michael Dilger
• “The Song of the One Legged Chicken”

 

 Show 031 - An Interview with Matt Bishop [24:24m]: Play Now | Play in Popup | Download