Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 Cryptography compared with Matthew Green | File Type: audio/mpeg | Duration: 0:26:21

On the 90th episode of the Silver Bullet Security Podcast, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator. Gary ends by asking Matthew the same question he asked Avi Rubin back on the first episode.

Links: Matthew D. Green; A Few Thoughts on Cryptographic Engineering (Matthew’s blog); On the NSA; RSA warns developers not to use RSA products; Software [in]security — software flaws in application architecture (September 10, 2013); Silver Bullet 001: Avi Rubin

 Academic vs. Corporate research with Michael Reiter | File Type: audio/mpeg | Duration: 0:29:47

On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security. They close out their discussion with some talk about mixed martial arts.

Links: Mike Reiter; McGraw on technology transfer; Technology Transfer: A Software Security Marketplace Case Study (IEEE Software, September/October 2011); McGraw on lessons learned when a startup eats your life; Startup Lessons (October 22, 2009); UNC Computer Science; The FindBugs static analysis tool; Women in Technology; Mike’s Ph.D. Students; TC Boyle’s fiction; Attiya and Welch on Distributed Systems

 Teaching Security Globally with Christian Collberg | File Type: audio/mpeg | Duration: 0:21:17

On the 88th episode of the Silver Bullet Security Podcast, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker. They close out their talk with discussion of travel on planet Earth.

Links: Christian Collberg; Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection; Is “Software Protection” Software Security?; AWL Software Security Security Series (edited by Gary McGraw); China Forces down US Spy Plane (2001); Exploiting Software (thinking like an attacker); The Undecidables

 Progression of Software Security with James Walden | File Type: audio/mpeg | Duration: 0:28:51

On the 87th episode of the Silver Bullet Security Podcast, Gary chats with James Walden, Ph.D., Associate Professor of Computer Science at Northern Kentucky University. Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.

Links: James Walden, Ph.D.; NKU; Software Security; BSIMM; Daft Punk; The National; Cat Power; Dream Theater

 Technical Culture across the Pacific with Wenyuan Xu | File Type: audio/mpeg | Duration: 0:26:36

On the 86th episode of the Silver Bullet Security Podcast, Gary chats with Wenyuan Xu, Associate Professor in the Department of Computer Science and Engineering at the University of South Carolina. Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science. They close out the episode with a discussion of tailgating.

Links: Wenyuan Xu; Car tires contain technology making you vulnerable; Security and Privacy Vulnerabilities of In-Car Wireless Networks; Another Reason for “Smart” Electric Meters; Pacemakers Could Be Hacked, Researchers Claim, But Not Easily; Barbie I Can Be Computer Engineer Barbie Doll

 Show 085 – A Discussion with Jim Routh and Scott Matsumoto | File Type: audio/mpeg | Duration: 0:36:01

The 85th episode of the Silver Bullet Security Podcast is a double whammy. Gary talks mobile security with two guests: Jim Routh, former global head of application security at JP Morgan Chase (and newly-appointed CSO), and Scott Matsumoto, Principal Consultant and head of the mobile security practice at Cigital. All three discuss the challenges of mobile security and how these challenges are exactly the same as and utterly different than software security concerns from across the years. They discuss use of new technologies including accelerometers in enhancing security (or compromising privacy), and the effect that massive phone rooting has on security. Is mobile security the same old same old or a brand new day? Listen to this podcast and find out for yourself.

Links: Trusted Computing and Computational Liberty; John Steven on Mobile Security; Securing Java (dancing pigs and native code risk); Exploiting Online Games; Trusted on Busted

 Learning Science in the Country with Hord Tipton | File Type: audio/mpeg | Duration: 0:37:25

On the 84th episode of the Silver Bullet Security Podcast, Gary chats with W. Hord Tipton, Executive Director of (ISC)2. Gary and Hord discuss how one gets into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification can help advance software security, and the benefits of teaching software security to kids.

Links: (ISC)2; (ISC)2 management team; The World Is Flat 3.0: A Brief History of the Twenty-first Century by Thomas L. Friedman

 Show 083 – An Interview with Mark Graff | File Type: audio/mpeg | Duration: 0:37:02

On the 83rd episode of the Silver Bullet Security Podcast, Gary talks with Mark Graff, CISO at NASDAQ OMX. Gary and Mark discuss what exactly a CISO does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts. They close out their conversation with talk about Mark’s favorite poem from the mid-19th century (and yet it still has a software security connection!).

Links: NASDAQ OMX; Lawrence Livermore National Laboratory; Congressional testimony (video); Secure Coding: Principles and Practices; BSIMM; Video from LLNL; Fermi problem; Cyber War and Active Defense; Dover Beach (poem)
