[SC-L] Silver Bullet 123: Yanek Korff

2016-07-06 Thread Gary McGraw
hi sc-l, The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then moved on to operational security work at AOL and runn

[SC-L] Silver Bullet 122: David Nathans

2016-06-07 Thread Gary McGraw
Hi sc-l, The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his start in security ops, and even wrote a book about that. But he completely understands why product security is essential in the modern world and has been moving thin

[SC-L] Silver Bullet 121: Marty Hellman

2016-05-10 Thread Gary McGraw
hi sc-l, While I was away in Europe, Silver Bullet 121 went live. This episode is an interview with recent Turing award winner and public key crypto inventor Marty Hellman. I met Marty this year at RSA the night he won the Turing award. He’s a hugely interesting guy. We talk math, crypto, p

[SC-L] Silver Bullet celebrates a decade of shows: Gary McGraw

2016-04-01 Thread Gary McGraw
hi sc-l, Hard to believe, but Silver Bullet has been running for ten years---120 months of shows in a row without missing a month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And we turned the tables on the interview. Marcus Ranu

[SC-L] Silver Bullet 119: Jacob West on the IEEE CSD Wearables report (design review)

2016-02-29 Thread Gary McGraw
hi sc-l, It’s leap day and RSA week! We just posted Silver Bullet episode 119 featuring BSIMM co-author and IEEE CSD co-founder Jacob West talking about the latest IEEE CSD report. Architecture analysis lags behind other touchpoints when it comes to software security practices. The CSD wear

[SC-L] Silver Bullet: Jack Daniel

2016-02-01 Thread Gary McGraw
hi sc-l, For the first Silver Bullet of 2016 I have a chat with Jack Daniel, co-founder of the Bsides Conferences. We talk about security communities, the evolution of the field, car repair, complex systems, the waning security Renaissance, and other matters. We conclude with a quick pointer

[SC-L] Silver Bullet 117: Jamie Butler

2015-12-26 Thread Gary McGraw
hi sc-l, The current episode of the Silver Bullet Security Podcast features Jamie Butler, CTO of Endgame. Jamie and I talk rootkits (he wrote the book with Greg Hoglund), attack patterns, defense and offense. Jamie has a long career in security (17 years) spanning early days at Fort Meade, thr

[SC-L] Silver Bullet 116: Doug Maughan

2015-12-01 Thread Gary McGraw
hi sc-l, Doug Maughan is one of the very good people who somehow works in the federal government at DHS (I know). He has been funding reasonable science in computer security since his early DARPA days and even once funded some of our work at cigital. We talk about science, research, tech tran

[SC-L] Silver Bullet 115: mudge

2015-10-29 Thread Gary McGraw
hi sc-l, Cigital just posted Silver Bullet 115 which features an interview with mudge (a.k.a., Peiter Zatko). https://www.cigital.com/podcasts/show-115-peiter-mudge-zatko/ We talk l0pht, cult of the dead cow, early security days, testifying before Congress, why the government is so confused ab

[SC-L] Silver Bullet 114: Peter "Pete" Clay

2015-09-30 Thread Gary McGraw
hi sc-l, Episode 114 of Silver Bullet was just posted. This episode features Peter “Pete” Clay who has served as a CISO in several firms (Deloitte, Invotas, Qlik) and has provided security direction both in the Federal government and the private sector. Have a listen: http://bit.ly/SB-pete A

Re: [SC-L] Silver Bullet 113: Chandu Ketkar

2015-09-08 Thread Gary McGraw
The URL was apparently scrambled below. For the SB episode try: http://bit.ly/SB-chandu gem On 8/31/15, 12:51 PM, "SC-L on behalf of Gary McGraw" wrote: >hi sc-l, > >The new episode of Silver Bullet features a conversation with Chandu Ketkar. >Chandu has 20+ years of experience in softw

[SC-L] Silver Bullet 113: Chandu Ketkar

2015-09-06 Thread Gary McGraw
hi sc-l, The new episode of Silver Bullet features a conversation with Chandu Ketkar. Chandu has 20+ years of experience in software, starting as a developer and working his way to a secure design proponent. Have a listen: http://bit.ly/SB-chandu

[SC-L] Silver Bullet 112: Matthew Green and Steve Bellovin on Crypto Back Doors

2015-07-23 Thread Gary McGraw
hi sc-l, For the latest episode of Silver Bullet, we spoke to two of the fifteen co-authors of the Keys Under Doormats paper describing the technical peril of implementing crypto back doors as FBI Director Comey has suggested. Steve Bellovin comes at the problem with years of experience and di

Re: [SC-L] Silver Bullet 111: Marcus Ranum

2015-07-16 Thread Gunnar Peterson
can't be far behind. ;-) > > -kevin > Sent from my Droid; please excuse typos. > > On Jul 7, 2015 12:07 PM, "Gary McGraw" wrote: > hi sc-l, > > Silver Bullet episode 111 is a sneaky one based around a “dirty brilliant > trick." The episode features Mar

Re: [SC-L] Silver Bullet 111: Marcus Ranum

2015-07-10 Thread Kevin W. Wall
Ah, I see...so the dirty trick is that you are finally doing reruns. Syndication can't be far behind. ;-) -kevin Sent from my Droid; please excuse typos. On Jul 7, 2015 12:07 PM, "Gary McGraw" wrote: > hi sc-l, > > Silver Bullet episode 111 is a sneaky one based a

[SC-L] Silver Bullet 111: Marcus Ranum

2015-07-07 Thread Gary McGraw
hi sc-l, Silver Bullet episode 111 is a sneaky one based around a “dirty brilliant trick." The episode features Marcus Ranum, inventor of the proxy firewall and all around security guru. We talk about perimeter security, software security, security progress (or lack of such) and wh

[SC-L] Silver Bullet 110: Paul Dorey

2015-06-04 Thread Gary McGraw
hi sc-l, Silver Bullet episode 110 features Paul Dorey. Paul was one of the original CSOs of Europe, ultimately serving as the CSO of BP. He and I are on an Advisory Board together, and most recently, Paul and I did a “fernside chat” at the BSIMM Europe Conference. We talk about the CSO job

[SC-L] Silver Bullet 108: Katie Moussouris

2015-03-31 Thread Gary McGraw
hi sc-l, Just in time for my Spring Break college tour with Eli, here is Silver Bullet episode 108, an interview with HackerOne’s Katie Moussouris. Katie and I talk about bug bounties, early coding (sadly she was a C64 person instead of an Apple ][+ person), SDL, BlueHat, mentors, and more. Ha

[SC-L] Silver Bullet 107: L Jean Camp

2015-03-02 Thread Gary McGraw
hi sc-l, Silver Bullet Security Podcast episode 107 just went live. This episode features L. Jean Camp, a professor of Informatics at Indiana in Bloomington. Jean has worked on the intersection of privacy, security, technology and policy for years. We discuss usability, implicit security

[SC-L] Silver Bullet: Whitfield Diffie

2015-01-01 Thread Gary McGraw
hi sc-l, Merry New Year to you all!! Episode 105 of Silver Bullet is an interview with Whitfield Diffie. Whit co-invented PKI among other things. We have an in depth talk about crypto, computation, LISP, AI, quantum key distro, and more http://bit.ly/SB-diffie As always, your feedback on Si

[SC-L] Silver Bullet: Rick Gordon

2014-12-05 Thread Gary McGraw
hi sc-l, Silver Bullet episode 104 features Rick Gordon, Managing Partner of Mach37, a Virginia-based cybersecurity incubator. We talk nuclear subs, finance, running startups, and just exactly what an incubator does: http://www.cigital.com/silver-bullet/show-104/ Your feedback is welcome

[SC-L] Silver Bullet: Brian Krebs

2014-10-31 Thread Gary McGraw
hi sc-l, Silver Bullet episode 103 features Brian Krebs, whose website http://krebsonsecurity.com is among the leading security reporting sites on the planet. Brian was once a reporter for the Washington Post, but he went solo after being let go (too deep for the dinosaur). Krebs broke a number

[SC-L] Silver Bullet 102: Richard Danzig

2014-09-21 Thread Gary McGraw
hi sc-l, The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currently a member of the Board of the Center for a New American Securi

[SC-L] Silver Bullet Episode 100 (!!): Cigital's Principals

2014-07-23 Thread Gary McGraw
hi sc-l, Thanks for listening to the Silver Bullet Security Podcast for the eight 1/3 years it has been produced. Each episode has been downloaded over 10,787 times on average with over 1,067,948 downloads for the podcast as a whole. That's lots of listening! To celebrate our 100 months in a

[SC-L] Silver Bullet 99: Michael Hicks

2014-07-03 Thread Gary McGraw
hi sc-l, Silver Bullet Security Podcast number 99 (99 months in a row!!) was just posted. This episode features a programming languages smorgasbord with Michael Hicks, professor of CS and security at University of Maryland. We talk type safety, closure, why C is bad, what makes dynamic

[SC-L] Silver Bullet 98: Bart Miller

2014-06-05 Thread Gary McGraw
hi sc-l, Bart Miller, computer science professor from Wisconsin, coined the term fuzz testing in 1990. He also is the PI for the DHS SWAMP---a software assurance marketplace of sorts. Bart knows a ton about software analysis. In episode 98 of Silver Bullet, we geek out about software security

[SC-L] Silver Bullet 97 + SearchSecurity Heartbleed

2014-05-06 Thread Gary McGraw
hi sc-l, Heartbleed? Who cares? We do. Real lessons here >> http://bit.ly/1lBKDsE Silver Bullet 97. Programming languages actually matter. >> http://www.cigital.com/silver-bullet/show-097/ Read. Listen. Share. React. We want your feedback. gem

[SC-L] Silver Bullet 96: Nate Fick, CEO of Endgame (and combat veteran)

2014-04-04 Thread Gary McGraw
hi sc-l, Nate Fick is an interesting man. He has a classics degree from Dartmouth, where he is now a Trustee. He served combat tours in Afghanistan and Iraq, resulting in the book “One Bullet Away” and the HBO series “Generation Kill.” He served as the CEO of an important new think tank, th

[SC-L] Silver Bullet 95: Charlie Miller

2014-02-28 Thread Gary McGraw
hi sc-l, Greetings from RSA, where the show gets underway today. I hope to see some sc-l readers out here. (Come see us during the show https://www.cigital.com/blog/2014/01/rsa-2014/.) Episode 95 of silver bullet features a conversation with Charlie Miller, who now works at Twitter as a securi

[SC-L] Silver Bullet 94: Ming Chow (Tufts)

2014-02-03 Thread Gary McGraw
hi sc-l, Episode 94 (in a row) of Silver Bullet features a conversation with Ming Chow, a developer who got interested in security and accidentally became a software security guy teaching at Tufts. We talk about that. We talk about exploiting online games (and using that as a teaching mechani

[SC-L] Silver Bullet 93: Yoshi Kohno

2013-12-26 Thread Gary McGraw
hi sc-l, When it rains, it pours. Just in time for xmas eve, here is Silver Bullet episode 93. The podcast features a discussion with Yoshi Kohno (a cigital alum) who is now a computer science professor at University of Washington. You've probably heard of Yoshi's car hacking stuff (or maybe

[SC-L] Silver Bullet 92: Jon Callas

2013-11-27 Thread Gary McGraw
hi sc-l, Just in time for turkey-induced coma listening time, Silver Bullet episode 92 features Jon Callas. Jon is an old school geek (on the net since 1979) who has occupied a front row seat during all of the crypto wars. His company Silent Circle is actively trying to build a real secure em

[SC-L] Silver Bullet 91: Caroline Wong

2013-10-30 Thread Gary McGraw
hi sc-l, Episode 91 of Silver Bullet features a conversation with Cigital's Caroline Wong. We talk a lot about BSIMM (behind the scenes) as part of the BSIMM-V launch. BSIMM-V will be officially released at 9am EST 10.30.13! As an experienced practitioner (Symantec, eBay, Zynga), Caroline bri

[SC-L] Silver Bullet 90: Matthew Green

2013-10-05 Thread Gary McGraw
hi sc-l, On one of the best Silver Bullet security podcasts in many a moon, I interview Matthew Green, research professor at Johns Hopkins university. Remember that university professor whose NSA-related posting was given a takedown notice? That was Matthew. Find out what he thought of all t

[SC-L] Silver Bullet 89: Mike Reiter

2013-09-04 Thread Gary McGraw
hi sc-l, Silver Bullet episode 89 was posted yesterday. It features a conversation with Professor Mike Reiter from UNC. Mike's work is well known in distributed systems and networking. He has done a bit of work in software security. Have a listen: http://www.cigital.com/silver-bullet

[SC-L] Silver Bullet 88: Christian Collberg

2013-08-01 Thread Gary McGraw
hi sc-l, Christian Collberg has been among the best academicians in software protection for over a decade. His book "Surreptitious Software" which is really about obfuscation, watermarking and digital content protection is part of my Software Security Series . C

[SC-L] Silver Bullet 87: James Walden

2013-07-01 Thread Gary McGraw
hi sc-l, Last month, Cigital consultant Joe Harless suggested that I interview his NKU professor James Walden. It was a good idea. Thanks Joe. I have known James for years. He uses "Software Security" in some of his classes and he thinks about software security all day. Trained as a partic

[SC-L] Silver Bullet 86: Wenyuan Xu

2013-05-31 Thread Gary McGraw
hi sc-l, Ever wonder what it is like to be a Chinese scholar living and teaching in the US or a woman teaching computer science and engineering? We talk about that in the 86th episode of the Silver Bullet Security Podcast featuring University of South Carolina professor Wenyuan Xu: bit.ly/14e8

[SC-L] Silver Bullet 85: Mobile Security with Jim Routh and Scott Matsumoto

2013-05-03 Thread Gary McGraw
hi sc-l, Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a security veteran, things look very familiar. In

[SC-L] Silver Bullet 84: W Hord Tipton of ISC^2

2013-04-05 Thread Gary McGraw
hi sc-l, Paco Hope and I have debated security certifications for years (a friendly battle of sorts). During my last trip to London on a train to go visit Ross Anderson in Cambridge, Paco suggested that I interview ISC^2 Executive Director Hord Tipton. I'm glad I did! Hord and I talk about h

[SC-L] Silver Bullet 79: Per-Olof Persson (Sony Mobile) transcript posted

2013-01-23 Thread Gary McGraw
hi sc-l, We just posted the transcript for episode 79 of the Silver Bullet Podcast featuring Per-Olof Persson of Sony Mobile: http://www.cigital.com/silverbullet-files/shows/silverbullet-079-ppersson.pdf The transcript will appear in IEEE Security & Privacy magazine soon. gem company www.cigit

[SC-L] Silver Bullet 82: Kevin Fu

2013-01-18 Thread Gary McGraw
hi sc-l, Kevin Fu is an interesting guy. An MIT Ph.D., Kevin did a post doc with Avi Rubin at Johns Hopkins and then moved on to be a professor at UMass. As of January, he moved his lab to University of Michigan. Among other interests, Kevin is an expert in embedded medical device security.

[SC-L] Silver Bullet 81: Steve Bellovin

2013-01-03 Thread Gary McGraw
hi sc-l, Merry New Year to you all! Here's to more secure software in 2013. The latest Silver Bullet episode, number 81, went live today, featuring security grey beard Steve Bellovin. Steve's long and storied career spans the invention of Usenet in grad school, through Bell Labs, to Columbia

Re: [SC-L] Silver Bullet: Thomas Rid

2012-12-06 Thread Ali-Reza Anghaie
Well done gentlemen! I think the interview (debate at times) was extremely well done - there was some synergy in views, some flushing out of semantics, details, .. Well. Done. -Ali On Fri, Nov 30, 2012 at 11:25 PM, Gary McGraw wrote: > hi sc-l, > > Earlier this month, I had the pleasure of vis

[SC-L] Silver Bullet: Thomas Rid

2012-12-05 Thread Gary McGraw
hi sc-l, Earlier this month, I had the pleasure of visiting Thomas Rid and giving a talk on cyber war at King's College London. Thomas and I had a great discussion after the talk, and I asked him to do a silver bullet episode. http://www.cigital.com/silver-bullet/show-080/ Episode 80 is a bit

[SC-L] Silver Bullet 79: Per-Olof Persson

2012-10-26 Thread Gary McGraw
hi sc-l, Episode 79 of Silver Bullet features a conversation with Per-Olof Persson, a European leader in software security and Global Head of Software Security for Sony Mobile. If you ever wonder what a Board of Directors thinks about software security, this episode will help you understand th

[SC-L] Silver Bullet 77: Gary Warzala of Visa

2012-08-28 Thread Gary McGraw
hi sc-l, Greetings from Buenos Aires where I am pushing the software security agenda in South America this week in a series of four talks. Silver Bullet's 77th episode features Gary Warzala, CISO of Visa. Our discussion mirrors some of what we talked about during our fireside chat in Blooming

Re: [SC-L] Silver Bullet 76: David Evans

2012-07-30 Thread Gary McGraw
Oops! forgot to include the URL. Here it is: http://www.cigital.com/silver-bullet/show-076/ gem From: gem mailto:g...@cigital.com>> Date: Friday, July 27, 2012 2:27 PM To: Secure Code Mailing List mailto:SC-L@securecoding.org>> Cc: David Evans mailto:ev...@cs.virginia.edu>> Subject: Silver Bu

[SC-L] Silver Bullet 76: David Evans

2012-07-30 Thread Gary McGraw
hi sc-l, The 76th episode of Silver Bullet features a chat with Dave Evans, a professor at UVa and a well-respected security researcher. David and I discuss (among other things) the founding of the Interdisciplinary Major in Computer Science (BA) at Uva and why a broad approach to Computer Sci

[SC-L] Silver Bullet 74: Bruce Schneier

2012-05-31 Thread Gary McGraw
hi sc-l, There are exactly two security gurus we have covered twice in Silver Bullet: Ross Anderson (who holds the all time record for hits) and Bruce Schneier. Both are very interesting thinkers and thought leaders in computer security. Episode 74 is the second Silver Bullet conversation with

[SC-L] Silver Bullet 73: Robert Vamosi

2012-05-04 Thread Gary McGraw
hi sc-l, This morning we released episode 73 of Silver Bullet. The new show is an interview with Robert Vamosi. Robert is a well-known security reporter, having worked for a bunch of esteemed publications including Forbes, c!net, and threatpost. Robert also wrote a book called "When Gadgets

[SC-L] Silver Bullet: Randy Sabett

2012-04-02 Thread Gary McGraw
hi sc-l, Randy Sabett is a lawyer (with a JD) specializing in security and privacy law. He was once a crypto engineer with the NSA, and his geek cred is legit. Randy is victim, er, guest 72 on the Silver Bullet Security Podcast. Have a listen: http://www.cigital.com/silver-bullet/show-072/

[SC-L] Silver Bullet 71: Bill Arbaugh

2012-03-02 Thread Gary McGraw
hi sc-l, Greetings from RSA where software security is getting tons of airtime this year, much of which is devoted to software security initiatives. Bill Arbaugh is a particularly interesting security practitioner. He has served in the military, worked at the NSA, been an academic, founded and so

[SC-L] Silver Bullet 70: Ross Anderson Reprise

2012-02-03 Thread Gary McGraw
hi sc-l, Ross Anderson's first Silver Bullet episode (episode 13) has consistently led the download totals since its release way back when. Over 25,000 people have listened to the episode and it remains very popular (either that or Ross is clicking on it an awful lot himself). In order to com

[SC-L] Silver Bullet 69: Steve Myers

2011-12-31 Thread Gary McGraw
happy new year sc-l, The 69th episode of Silver Bullet is an interview with professor Steve Myers from Indiana University. Steve is a cryptographer who works on Phishing, but he also teaches the security engineering course at IU. Among other topics, we discuss the challenge of keeping academi

[SC-L] Silver Bullet 68

2011-11-30 Thread Gary McGraw
hi sc-l, I am pleased to announce that episode 68 of the Silver Bullet Security Podcast is an interview of Cigital's own John Steven. jOHN (or jS) as he is known around here is a well-respected technologist and software security practitioner. He served a stint editing the Building Security In

[SC-L] silver bullet: bill pugh

2011-10-31 Thread Gary McGraw
hi sc-l, The 67th Silver Bullet podcast features Bill Pugh. Bill is an alpha geek who is currently a professor at University of Maryland. You may know his FindBugs project if you're a Java person. You may not know that Bill is also a fire eater who once lit my solstice bonfire in an interest

[SC-L] Silver Bullet 66: Shari Lawrence Pfleeger

2011-09-29 Thread Gary McGraw
hi sc-l, Shari Lawrence Pfleeger is an exceptional software engineer who has written many of the textbooks in common use today for both Computer Security and Software Engineering. Her work in software measurement and metrics is also very well known. Shari is the 66th Silver Bullet podcast vic

[SC-L] Silver Bullet 65: Giovanni Vigna

2011-08-29 Thread Gary McGraw
hi sc-l, Though Sammy, Brian, and I are busy building BSIMM3 today (lots of data to crunch since we have 80 vectors, 12 re-measurements, and 42 firms!), we posted the latest episode of Silver Bullet anyway. This episode features UC Santa Barbara professor Giovanni Vigna. Giovanni has always p

[SC-L] Silver Bullet 64: Markus Schumacher

2011-07-31 Thread Gary McGraw
hi sc-l, We just posted the 64th episode of Silver Bullet---an interview of Markus Schumacher, CEO and co-founder of Virtual Forge. Markus worked for many years at SAP and his startup sells a static analysis tool focused on SAP's ABAP language. I find it interesting that the ERP market is beg

[SC-L] Silver Bullet transcript posted (John Savage)

2011-07-18 Thread Gary McGraw
hi sc-l, Many episodes of Silver Bullet are published in IEEE Security & Privacy magazine. When that happens, we post the resulting interview article on the silver bullet website. Here is the interview with John Savage from show 58: http://www.cigital.com/silverbullet/shows/silverbullet-058-j

[SC-L] Silver Bullet 62: Halvar Flake

2011-05-31 Thread Gary McGraw
hi sc-l, Based on the suggestion of a listener, Silver Bullet episode 62 is an interview with Halvar Flake (a.k.a. Thomas Dullien). Halvar has been an active speaker, trainer, and tool builder in software analysis for many years. His tool "bindiff" is one of the many essential software analys

[SC-L] Silver Bullet 61: Carl Landwehr

2011-04-29 Thread Gary McGraw
hi sc-l, Episode 61 of Silver Bullet features a conversation with Carl Landwehr. Carl is now at the National Science Foundation running the Trustworthy Computing Program. He has been very active in the scientific research community for years. Carl was also the Editor in Chief of IEEE Securit

[SC-L] Silver Bullet 60: Neil Daswani

2011-03-30 Thread Gary McGraw
hi sc-l, Neil Daswani used to help run software security at Google. Now he has a startup in San Jose called Dasient. Neil is the 5 year anniversary Silver Bullet Security Podcast victim. 60 episodes in 60 months…holy cow! Have a listen. Among other topics, we cover the difficult tradeoff to

[SC-L] Silver Bullet 59: Ralph Langner on Stuxnet

2011-02-26 Thread Gary McGraw
hi sc-l, I met Silver Bullet #59 victim Ralph Langner at Joe Weiss's Applied Control Solutions Conference in Rockville last Fall. That was when (much to the surprise of the Siemens guys there) Ralph first revealed that the Stuxnet payload was aimed directly

[SC-L] Silver Bullet: Paul Kocher interview transcribed

2011-01-25 Thread Gary McGraw
hi sc-l, Many (but not all) of the Silver Bullet podcasts are printed as the interview department of IEEE Security and Privacy magazine. Here is the transcript from Paul Kocher's Silver Bullet episode (#52 http://www.cigital.com/silverbullet/show-052/) http://www.cigital.com/silverbullet/sho

[SC-L] Silver Bullet 58: John Savage

2011-01-24 Thread Gary McGraw
hi sc-l, I met John Savage at the White House last year

[SC-L] Silver Bullet 56: Sammy Migues

2010-11-30 Thread Gary McGraw
hi sc-l, The 56th episode of Silver Bullet features a conversation with Sammy Migues, Principal and Director of Knowledge Management at Cigital. Sammy has been in the security field for approximately forever (he even helped pen the notorious Orange Book). He has an interesting perspective on

[SC-L] Silver Bullet 55: Deb Frincke

2010-10-29 Thread Gary McGraw
hi sc-l, In between bouts of Fall travel, we recorded Silver Bullet episode 55. Deb Frincke is an academic, turned entrepreneur, turned scientific researcher. She is active in the Department of Energy's security community and is a well-respected thought leader in security education. Deb help

[SC-L] Silver Bullet 52: Paul Kocher

2010-07-21 Thread Gary McGraw
hi sc-l, Paul Kocher has been a good friend for over a decade. Paul worked closely with me in the mid-90s "smart card wars" when we did lots of work for Visa International and Mastercard. Paul invented DPA back then while we were busy hacking Java-based cards with malicious applets at Cigital

[SC-L] Silver Bullet 51: Anup Ghosh

2010-07-06 Thread Gary McGraw
hi sc-l, On June 25th, we posted the 51st episode of Silver Bullet, featuring Dr. Anup Ghosh. Anup and I worked together for several years when Anup ran Cigital Labs. After a long stint at DARPA, Anup is back in startup mode with his new company invincea (invisible virtualized browser wrappin

[SC-L] Silver Bullet: Cyber War and Richard Clarke

2010-06-01 Thread Gary McGraw
hi sc-l, I'm more pleased than usual to announce the landmark 50th episode of Silver Bullet. To celebrate the 50th episode, we decided to shoot SB50 as a video as well as releasing the usual audio podcast. My guest this episode is Richard A. Clarke. Dick is an internationally-recognized exp

[SC-L] Silver Bullet 49: Ivan Arce + informIT on Virtual PC vulnerability

2010-04-30 Thread Gary McGraw
hi sc-l, Ivan Arce is the CTO and co-founder of Core. He's a very knowledgeable guy and well-respected among the breakers of stuff, especially when it comes to low-level attacks against BIOS, kernels, and VMs. Ivan is Silver Bullet podcast victim 49: http://www.cigital.com/silverbullet/show-

[SC-L] Silver Bullet 48: Andrew Jaquith

2010-03-25 Thread Gary McGraw
hi sc-l, I find it hard to believe that Silver Bullet has been going for 4 years! Lots of really interesting people in the mix. Our 48th victim, er I mean guest is Andy Jaquith who all of you know is a security metrics uber-geek. Andy's past includes a stint at @stake working in the early da

[SC-L] Silver Bullet Transcripts

2010-03-23 Thread Gary McGraw
hi sc-l, As you know, Silver Bullet is co-sponsored by Cigital and IEEE Security & Privacy magazine. Excerpts of about half of the episodes are eventually published in the magazine as articles in an interview department. We just caught up with ourselves by posting the last three S&P interview

[SC-L] Silver Bullet: Greg Morrisett

2010-03-04 Thread Gary McGraw
hi sc-l, Greetings from RSA where the security hype is very hype-y indeed. To counterbalance the nonsense, we just published Silver Bullet number 47, an interview with Harvard professor Greg Morrisett. Greg and I grew up together in Kingsport, Tennessee and it has been a pleasure watching my

[SC-L] Silver Bullet 46: David Rice (Geekonomics)

2010-01-27 Thread Gary McGraw
hi sc-l, I'm sure most of you are aware of David Rice's book Geekonomics. David and I discuss that book, information warfare, the software security market, and most importantly how the market needs to change in episode 46 of Silver Bullet. I thoroughly enjoyed this conversation. http://www.c

[SC-L] Silver Bullet 45: Lorrie Cranor

2009-12-18 Thread Gary McGraw
hi sc-l, Privacy is an aspect of software security often overlooked by practitioners (especially in the US). The BSIMM Europe results showed us exactly how far ahead of the US the EU is when it comes to privacy. One of the best privacy practitioners in the field is Lorrie Cranor. Lorrie is a pr

[SC-L] Silver Bullet: Steve Kent

2009-11-26 Thread Gary McGraw
hi sc-l, Happy Thanksgiving to US subscribers. My turkey is roasting (4 hours to go), so there's time to hop on the net and announce the 44th episode of Silver Bullet---an interview with Dr. Steve Kent. Steve has been doing Internet security for approximately forever. Steve became involved w

[SC-L] Silver Bullet 43: /Hoff (cloud security)

2009-10-21 Thread Gary McGraw
hi sc-l, The technology buzzword of the year has to be "the cloud," and "cloud security" is not far behind. There's plenty of nonsense and silliness to wade through in cloud security (I've seen more than one completely vacuous talk on the topic delivered by pretend security experts). One voic

[SC-L] Silver Bullet 42: Gillian Hayes

2009-09-28 Thread Gary McGraw
hi sc-l, I'm pleased to announce episode 42 of Silver Bullet---a conversation with Professor Gillian Hayes. Gillian is an informatics professor whose work focuses on the human aspects of technology, including surveillance, usability and security, and the psychology of 20-somethings. Have a li

[SC-L] Silver Bullet transcript

2009-09-19 Thread Gary McGraw
hi sc-l, A partial transcript for Bob Blakely's silver bullet episode will be published in IEEE Security & Privacy magazine in the upcoming issue. You can read a copy yourself here: http://www.cigital.com/silverbullet/shows/silverbullet-040-bblakely.pdf gem company www.cigital.com blog www.c

[SC-L] Silver Bullet: Fred Schneider

2009-08-21 Thread Gary McGraw
hi sc-l, The 41st episode of Silver Bullet just went live. This episode features a conversation with Fred Schneider, a computer science professor at Cornell and a very important thought leader in security research. Fred was the author of the seminal National Academies study "Trust in Cyberspa

Re: [SC-L] Silver Bullet 40: Bob Blakley

2009-07-17 Thread Gunnar Peterson
+1 great interview -gunnar On Jul 17, 2009, at 11:25 AM, Gary McGraw wrote: > hi sc-l, > > One of our sc-l listeners (gunnar) suggested Bob Blakley as an > interview target. Bob is a particularly interesting guy because he > both a well-respected scientist very active in the security resea

[SC-L] Silver Bullet 40: Bob Blakley

2009-07-17 Thread Gary McGraw
hi sc-l, One of our sc-l listeners (gunnar) suggested Bob Blakley as an interview target. Bob is a particularly interesting guy because he is both a well-respected scientist very active in the security research community and a real practitioner who among other things designed the CORBA security m

[SC-L] Silver Bullet: Matt Blaze

2009-06-18 Thread Gary McGraw
hi sc-l, When it rains it pours...especially in Virginia these days. Silver Bullet number 39 is an interview with Matt Blaze, security and privacy luminary. Matt and I spent lots of time digging into Matt's public policy work. Matt is an important voice of sanity whose opinions I greatly admi

[SC-L] Silver Bullet: Kay Connelly

2009-05-20 Thread Gary McGraw
hi sc-l, Silver Bullet 38 just went live. This episode features an up-and-coming professor Kay Connelly from Indiana University. Kay focuses on privacy and security. Much of her work takes into account the essential human nature of technology. Her work with seniors, security, and usability

[SC-L] Silver Bullet 37: Virgil Gligor

2009-04-23 Thread Gary McGraw
hi sc-l, Turns out that most all of us are newbies when it comes to computer security. There is plenty to learn from people who have been active in the field from the 70s. One such influential thinker (and friend) is Virgil Gligor. Virgil recently moved from University of Maryland to CMU whe

[SC-L] Silver Bullet: McGovern interviews McGraw

2009-03-18 Thread Gary McGraw
hi sc-l, For the third anniversary (!) edition of Silver Bullet, that is episode 36, we do something different. James McGovern, OWASP maven, and Enterprise Architect for The Hartford Financial Services Group, interviews me. You may recall that James responded to the OWASP podcast posting he

[SC-L] Silver Bullet 35: Daniel Suarez

2009-02-25 Thread Gary McGraw
hi sc-l, I think you'll like this episode of Silver Bullet, which is a bit off the beaten path. In it, I interview Daniel Suarez, the author of a once self-published and now-optioned-for-a-movie techno-thriller "The Daemon." Daniel brought me a copy of his book this summer, just in time for "

[SC-L] Silver Bullet: Gunnar Peterson (transcript posted)

2009-01-19 Thread Gary McGraw
hi sc-l, As you know, Silver Bullet is co-sponsored by Cigital and IEEE Security & Privacy magazine. The magazine publishes about half of the episodes as the "Interview" department. I'm pleased to say that our own Gunnar Peterson's episode will appear in print in an upcoming issue. Here are

[SC-L] Silver Bullet 34: Bill Brenner

2009-01-14 Thread Gary McGraw
hi sc-l, Ever wonder what it's like to cover security from a media perspective? Bill Brenner (once at TechTarget and now Sr Ed at CSOonline and CSO magazine) is my victim in the 34th Silver Bullet. http://www.cigital.com/silverbullet/show-034/ A bit less on software security this time, but pl

[SC-L] Silver Bullet: Laurie Williams

2008-12-22 Thread Gary McGraw
hi sc-l, The 33rd episode of Silver Bullet went live today. My victim this month is Laurie Williams, professor at NCSU. Laurie is a star in the Agile software community. We discuss Agile and software security during the interview. We also talk about some excellent metrics-related research t

Re: [SC-L] Silver Bullet and informIT: Jeremiah Grossman

2008-11-29 Thread Stephen Craig Evans
Hi Gary, I think you were on the right path describing software security and illustrating the difference between software security and web app security (even though I don't think it was intentional) when you talked about Pervasive Computing in a BankInfoSecurity podcast (starting at 5 min 10 sec).

[SC-L] Silver Bullet and informIT: Jeremiah Grossman

2008-11-14 Thread Gary McGraw
hi sc-l, Episode 32 of the Silver Bullet Security Podcast went live last night. This episode features a chat with Web security guru Jeremiah Grossman. Among other things, we talk about the relationship between Web app security and software security: http://www.cigital.com/silverbullet/ Jerem

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Mary Ann has already been a victim. Do analysts count as practitioners?? gem - Original Message - From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: SecureMailing List Sent: Mon Sep 29 15:08:55 2008 Subject: Re: [SC-L] Silver Bullet Women to include are: Diana Kelley of Securit

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gunnar Peterson
I strongly agree with James' ask. It's nice to hear from gurus, but we need to hear about real world tradeoffs too. Sausage making ain't pretty (ask Hank and Ben), but it's the real world and I for one am always fascinated with what choices organizations make and why. I am also very excited to hea

Re: [SC-L] Silver Bullet

2008-09-29 Thread McGovern, James F (HTSC, IT)
(HTSC, IT); SecureMailing List Subject: Re: [SC-L] Silver Bullet Good idea James. If you take a look at the list of victims, you'll see a mix of academics, gurus, and CSOs. My next victim (Matt Bishop) is already slated. After that I will see what I can do to get a CIO for November. BT

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Thanks Gunnar. I'm scheming schemes that you guys may like...hold that thought! gem On 9/29/08 2:52 PM, "Gunnar Peterson" <[EMAIL PROTECTED]> wrote: I strongly agree with James' ask. It's nice to hear from gurus, but we need to hear about real world tradeoffs too. Sausage making ain't pretty (as

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Good idea James. If you take a look at the list of victims, you'll see a mix of academics, gurus, and CSOs. My next victim (Matt Bishop) is already slated. After that I will see what I can do to get a CIO for November. BTW, if anyone has suggestions along those lines, I'm all ears. I would
