Silver Bullet Security Show

Show 043

Mon, 9 Nov 2009 15:45:46 -0800

On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco. Hoff is well known for his colorful blog posts and presentations on cloud security and other complex security issues. Suffice it to say, the cloud was a big topic for this issue.

Show 042

Wed, 30 Sep 2009 16:04:43 -0700

On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine. They discuss how much people really need to know about security going on behind the scenes, how usability affects the health records security, whether surveillance changes how 20-somethings act in public (including on the Net), and how having more women technologists positively impacts the humanization of technology.

Show 041

Mon, 24 Aug 2009 15:15:20 -0700

On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace. Gary and Fred discuss the relationship between security and reliability, diversity as a security mechanism, and the continuum of attack categories from configuration problems, to bugs, to flaws, to trust issues.

Show 040

Fri, 17 Jul 2009 10:28:54 -0700

For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group's Identity and Privacy Strategies. Gary and Bob discuss the importance of liberal arts degrees, the (over) complications of CORBA security, whether computer security requires a complete shift in approach, cybersecurity and governments, and the movie Perils in Nude Modeling (really).

Show 039

Fri, 19 Jun 2009 14:21:11 -0700

On the 39th episode of The Silver Bullet Security Podcast, Gary chats with Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania. Gary and Matt start the show off discussing the Obama administration's "cyber coordinator" plan and the large number of cyber plans that are never cyber realized. They also discuss key escrow, warrantless wiretapping, the responsibility we have to stay engaged with issues surrounding individual liberty and privacy, and the similarities between physical locks and computer security.

Show 038

Fri, 19 Jun 2009 14:17:27 -0700

For the 38th episode of The Silver Bullet Security Podcast, Gary talks privacy with Kay Connelly, Associate Professor of Computer Science at Indiana University and Senior Associate Director of IU’s Center for Applied Cybersecurity Research. Gary and Kay discuss why in situ usability study is important, the E.T.H.O.S. living lab (including the "presence clock" and the portal monitor), and Kay's advice to women interested in pursuing a career in computer science.

Show 037

Wed, 22 Apr 2009 14:04:26 -0700

On the 37th episode of The Silver Bullet Security Podcast, Gary interviews Virgil Gligor, Professor at Carnegie Mellon University in the Department of Electrical and Computer Engineering and co-director of CyLab. Gary and Virgil discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security.

Show 036

Wed, 8 Apr 2009 17:53:43 -0700

Things are switched up for this special third anniversary episode of Silver Bullet. This time around, Gary is the victim, being interviewed by James McGovern, Enterprise Architect for The Hartford Financial Services Group, Inc. and OWASP maven. Gary and James discuss the recently released Building Security In Maturity Model, how companies with Software Security Groups retain their best and brightest, Microsoft’s trustworthy computing initiative/SDL program, and what less expensive tools small organizations with only a few developers can use.

Show 035

Tue, 24 Feb 2009 09:00:04 -0800

On the 35th episode of The Silver Bullet Security Podcast, Gary talks with Daniel Suarez, independent consultant and author of Daemon, a new techno-thriller about a gamer that reaches from beyond the grave to declare war on all of humanity. They talk about Daniel's new book and the movie options attached to it, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the current state of AI, and the follow-up to Daemon, Freedom.

Show 034

Fri, 16 Jan 2009 09:42:23 -0800

On the 34th episode of The Silver Bullet Security Podcast, Gary interviews Bill Brenner, senior editor at CSO Online and CSO Magazine. Gary and Bill discuss how delivering the security message changes based on the audience (executives versus geeks and CSOs versus CIOs), the much-exaggerated death of print media, and balancing headline-grabbing sensationalism with solid security business coverage.

Show 033

Mon, 12 Jan 2009 14:44:12 -0800

On the 33rd episode of The Silver Bullet Security Podcast, Gary talks with Laurie Williams, Associate Professor of Computer Science at North Carolina State University. Gary and Laurie discuss Laurie’s nine years at IBM, Agile’s adoption in the commercial space, XP and software security, and what changes Laurie would make to the standard computer science curriculum to better prepare students.

Show 032

Tue, 18 Nov 2008 11:51:29 -0800

The 32nd episode of The Silver Bullet Security Podcast features founder and Chief Technology Officer of WhiteHat Security, Jeremiah Grossman. Gary and Jeremiah discuss clickjacking, cross-site request forgery, and why 50 percent of Web problems can’t be discovered reliably automatically.

Show 031

Tue, 28 Oct 2008 09:48:31 -0700

On the 31st episode of The Silver Bullet Security Podcast, Gary talks with Matt Bishop, professor of Computer Science at UC Davis and author of the book Computer Security: Art and Science. Gary and Matt discuss Matt's plan to work security analysis and secure coding into a wider computer science cirriculum, Matt's early work with Mike Dilger on TOCTOU, whether or not progress is being made in the field of software security, and the role of tr21aining in large-scale software security initiatives.

Show 030

Tue, 28 Oct 2008 09:47:10 -0700

On the 30th episode of The Silver Bullet Security Podcast, Gary talks with Ken van Wyk, principal and founder of KRvW Associates. Ken was the first employee of CERT and has been an active member of FIRST. Ken and Gary discuss why the discipline of computer science doesn't learn from failure like mechanical engineering does, how we're making steps backwards in computer security, and whether focusing on Web applications is a good or bad thing for software security.

Show 029

Fri, 10 Oct 2008 10:43:02 -0700

On the 29th episode of The Silver Bullet Security Podcast, Gary talks with Dennis Fisher, executive editor of The Security Media Group at TechTarget. Dennis helps run SearchSecurity.com and Information Security Magazine. Gary and Dennis discuss the current "BS factor" in security journalism, shopping at TJ Maxx right after the TJX privacy breach, the state of software security, and which is harder: being a fry cook at Hardees or working as a PR flack.

Show 028

Fri, 1 Aug 2008 08:35:05 -0700

On the 28th episode of The Silver Bullet Security Podcast, Gary interviews Bill Cheswick, a lead member of technical staff at AT&T Research and all around security guru. Bill has been working in computer security for over 35 years. He coined the term "proxy" in 1990 with reference to firewalls, and co-authored the book Firewalls and Internet Security which was used to train an entire generation of sys admins. Gary and Bill discuss whether we’re winning or losing the computer security war, how security threats have evolved from pimply-faced teenagers to organized crime, whether we should move security into the cloud, and whether re-naming Christmas lights to solstice lights would bypass NJ holiday decoration ordinances.

Show 027

Fri, 11 Jul 2008 13:00:28 -0700

On the 27th episode of The Silver Bullet Security Podcast, Gary interviews software security expert Gunnar Peterson, a Managing Principal at Arctec Group. Gary and Gunnar begin with the age-old question, "What is security?" They go on to discuss how Web 2.0 and SOA security is progressing, the big idea behind "federated identity," and whether all market verticals can follow the software security lead of the financial services industry.

Show 001

Thu, 11 May 2006 13:00:00 -0700

Gary McGraw speaks with Avi Rubin, professor of computer science at Johns Hopkins University and director of the US National Science Foundation-funded ACCURATE Center, which focuses on secure electronic voting. His latest book, Brave New Ballot (Random House, 2006), will be published later this year.

Show 002

Thu, 15 Jun 2006 13:00:00 -0700

In this episode of the Silver Bullet Security Podcast, Gary McGraw chats with Dan Geer, chief scientist at Verdasys. They discuss the need to understand both technology and business in order to be a good security practitioner, Dan's take on monoculture, his "Cyber Insecurity" paper, and work on Project Athena.

Show 003

Sat, 15 Jul 2006 13:00:00 -0700

This time out, Gary McGraw chats with Marcus Ranum, who is widely credited with inventing the proxy firewall. They discuss Richard Feynman, power tools for home repair and improvement, why Marcus thinks we're not making progress in the computer security field, and how common sense would help computer security.

Show 004

Tue, 15 Aug 2006 13:00:00 -0700

In the fourth episode, Gary talks to Dana Epp, CEO and founder of Scorpion Software. Dana also runs a popular software security blog. On this show, Dana and Gary talk about past programming disasters, the security implications of systems with ever-increasing complexity, suggestions for new developers interested in learning about software security, and regulation's role in information security.

Show 005

Mon, 28 Aug 2006 13:00:00 -0700

The fifth edition features Ed Felten, professor of computer science and public affairs at Princeton University. Gary and Ed take a look at Ed's predictions for 2006 and how he's faring so far. They also discuss the difficulty of addressing technology issues with lawmakers and the importance of public policy and the law to computer scientists.

Show 006

Wed, 25 Oct 2006 13:00:00 -0700

In the sixth episode, Gary chats with Michael Howard, senior security program manager of Microsoft's Security Technology Unit. Michael discusses what it's been like watching the company come to grips with software security. Gary and Michael also discuss the security features of Windows Vista and Michael's recommendations for the two most important best practices when developing secure software.

Show 007

Wed, 25 Oct 2006 13:00:00 -0700

Gary interviews Cisco Chief Security Officer John Stewart. Gary and John discuss what CSOs do all day, how John got started in computer security, and the infamous Morris worm from 1988 (which John was deeply involved with while a student at Syracuse). John and Gary also revisit Cisco-gate, and talk about how John's identity was stolen.

Show 008

Fri, 17 Nov 2006 13:00:00 -0700

In the eighth episode, Gary chats with Brian Chess, co-founder and chief scientist of Fortify Software. Gary and Brian discuss what commercial developers and academics have to learn from each other, what it's like to work for a Kleiner-Perkins startup, and how mystifying it is that some developers are fine with XSS vulnerabilities in their web applications.

Show 009

Thu, 14 Dec 2006 13:00:00 -0700

In the ninth episode of The Silver Bullet Podcast, Gary interviews Bruce Schneier, founder and CTO of Counterpane. Gary and Bruce discuss the connection between physical security and its technological component, the idea of risk management, the intersection of economics and security, and the ideas of "wholesale surveillance" and "security theater."

Show 010

Mon, 22 Jan 2007 13:00:00 -0700

The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board. The group discusses what commercial software tools can learn from academic research, software security in China, real-world lessons learned while using static analysis tools, and software security pedagogy.

Show 011

Thu, 15 Feb 2007 16:59:00 -0700

Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Portgraduate School. Gary and Dorothy discuss her involvement in the Clipper Chip controversy (which earned Dorothy the moniker "clipper chick"), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers.

Show 012

Wed, 14 Mar 2007 12:11:00 -0700

In the latest edition of The Silver Bullet Security Podcast, Gary chats with Becky Bace about her 12 years at the US National Security Agency, where she worked on intrusion detection and cryptography. Gary and Becky also discuss the evolution of security curricula in academia, the rampant commercialization of computer security, and Becky's involvement in tracking down the notorious Kevin Mitnick.

Show 013

Fri, 13 Apr 2007 12:11:00 -0700

Gary chats with Ross Anderson, professor of security engineering at the Computer Laboratory at Cambridge University and author of Security Engineering. Gary and Ross discuss the simple reasons why most systems fail, the economic imbalance between engineers/developers and a system's users (with respect to who should address security), and why publicly describing attacks is essential to security engineering.

Show 014

Tue, 22 May 2007 12:17:00 -0700

The 14th episode of The Silver Bullet Security Podcast features Peter Neumann, designer of the Multics OS file system, moderator of comp.RISKS, and Principal Scientist at the SRI Computer Science Laboratory. Gary and Peter discuss the most important changes in computer security since the 1960s, the discipline involved in early Multics engineering, and why DRM is the "wrong solution to the wrong problem."

Show 015

Tue, 19 Jun 2007 17:37:00 -0700

On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, associate professor of software engineering at North Carolina State University and director of theprivacyplace.org. Annie and Gary focus on privacy, airline privacy policies, the impact that a Google/Doubleclick deal would have on consumer privacy, and EULAs.

Show 016

Thu, 12 Jul 2007 16:37:00 -0700

The 16th episode of The Silver Bullet Security Podcast features Greg Hoglund, who runs the popular rootkit.com, is CEO of HB Gary, and coauthor of Rootkits: Subverting the Windows Kernel and Exploiting Software. Gary and Greg discuss the natural tendency of certain types of code to allow exploits, how disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the "good guys."

Show 017

Fri, 24 Aug 2007 14:02:00 -0700

Gary chats with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demostrate security ROI in different types of organizations, the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.

Show 018

Wed, 26 Sep 2007 14:43:00 -0700

The 18th episode of The Silver Bullet Security Podcast has Gary talking with Eugene Spafford, better known as Spaf. Spaf is the executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). They also discuss the role of software testing in computer security, whether commercial certifications obviate the need for academic training, ethical hacking, and why auditing and compliance is an area of emerging specialization.

Show 019

Thu, 18 Oct 2007 14:43:00 -0700

On the 19th episode of The Silver Bullet Security Podcast, Gary interviews Mikko Hyppönen, Chief Research Officer at F-Secure. Gary and Mikko discuss whether mobile viruses are all hype or a legitimate threat, if the iPhone as a closed system is good or bad for security, and Mikko's prediction for the appearance of the first mobile botnet.

Show 020

Mon, 19 Nov 2007 10:02:00 -0700

On the landmark 20th episode of The Silver Bullet Security Podcast, Gary interviews Markus Jakobsson, associate professor of informatics and associate director of the Center for Applied Cybersecurity Research at Indiana University. Gary and Markus discuss the difference between academic and corporate research, the idea of "perfect privacy," and how cartoons can be used to teach security.

Show 021

Thu, 24 Jan 2008 10:02:00 -0700

Gary hosts a panel discussion with Cigital's principals. Participants include Sammy Migues (Director of Training and Knowledge Management), John Steven (Principal Consultant), and Pravir Chandra (Principal Consultant). The group discusses several topics, including the best ways for large companies to get started with software security and�how much of the security testing burden should fall on QA.

Show 022

Thu, 24 Jan 2008 10:02:00 -0700

On the 22nd episode, Gary interviews Ed Amoroso, Chief Information Security Officer of AT&T. They discuss how Peter Neumann influenced Ed, the difference between bugs and flaws, whether bugs are getting too much attention, and the propensity for confusion around how security actually works.

Show 023

Wed, 20 Feb 2008 10:02:00 -0700

Gary talks with Chris Wysopal, founder and CTO of Veracode and author of The Art of Software Security Testing. Chris was one of the seven original members of the L0pht hacker collective (operating under the hacker handle Weld Pond) and later went on to work for @stake. Gary and Chris discuss the role of security researchers now versus in the mid-to-late 90s. They also talk about the current state of the software security market and its continued growth.

Show 024

Fri, 14 Mar 2008 10:02:00 -0700

Oracle Chief Security Officer Mary Ann Davidson is the guest on the 24th episode of The Silver Bullet Security Podcast. Gary and Mary Ann discuss how an MBA helps in the CSO role, Oracle's "Unbreakable" campaign, why everyone needs training in secure coding, and how military history informs computer security.

Show 025

Wed, 30 Apr 2008 10:02:00 -0700

Jon Swartz, USA Today's award-winning technology reporter and Pulitzer Prize nominee, is Gary's guest. They discuss Jon's new book, Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity. Gary and Jon also cover how cybercrime is driven by capitalist principals and why the general public's attitude is so lax about software security.

Show 026

Thu, 15 May 2008 10:02:00 -0700

The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft's Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam's current work, and the main ideas behind Adam's new book, The New School of Information Security. They also chat about Adam's aversion to the term "best practices," the role IEEE Security & Privacy magazine plays in bringing the science of security to a practical level, and whether the biggest problem of the CardSystems breach was the following the letter, rather than the spirit, of PCI.