SearchSecurity.com is pleased to partner with the father of software security, Gary McGraw, to feature his monthly Silver Bullet software security podcast, which discusses best practices in software security.
See below to play and download recent episodes!
Silver Bullet podcast episode: An interview with Charlie Miller
In this episode, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days.
Silver Bullet podcast episode: An interview with Ming Chow
In this episode, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals. They also talk about what developers currently think of software security, what would make developers more likely to take security seriously, and how Ming uses games to teach security to his students.
Silver Bullet podcast episode: An interview with Yoshi Kohno
In this episode, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington, about how much academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand privacy implications of popular products’ security designs.
Silver Bullet podcast episode: An interview with Jon Callas
In this episode, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work. They also chat briefly about software security and reality.
Silver Bullet podcast episode: An interview with Caroline Wong
In this episode, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science.
Silver Bullet podcast episode: An interview with Matthew Green
In this episode, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator.
Silver Bullet podcast episode: An interview with Michael Reiter
In this episode, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security. They close out their discussion with some talk about mixed martial arts.
Silver Bullet podcast episode: An interview with Christian Collberg
In this episode, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker. They close out their talk with discussion of travel on planet Earth.
Silver Bullet podcast episode: An interview with James Walden
In this episode, Gary chats with James Walden, Ph.D., Associate Professor of Computer Science at Northern Kentucky University. Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.
Silver Bullet podcast episode: An interview with Wenyuan Xu
In this episode, Gary chats with Wenyuan Xu, Associate Professor in the Department of Computer Science and Engineering at the University of South Carolina. Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science. They close out the episode with a discussion of tailgating.
Silver Bullet podcast episode: A discussion with Jim Routh and Scott Matsumoto
In this episode, Gary talks mobile security with two guests—Jim Routh, former global head of application security at JP Morgan Chase (and newly-appointed CSO), and Scott Matusmoto, Principal Consultant and head of the mobile security practice at Cigital. All three discuss challenges associated with mobile security and how these challenges are exactly the same as and different than software security concerns from past years. Also discussed is use of new technologies including accelerometers in enhancing security (or compromising privacy), and the effect that massive phone rooting has on security.
Silver Bullet podcast episode: An interview with Hord Tipton
In this podcast, Gary chats with W. Hord Tipton, Executive Director of (ISC)2. Gary and Hord discuss how to get into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification helps to advance software security, and the benefits of teaching software security to kids.
Silver Bullet podcast episode: An interview with Mark Graff
In this podcast, Gary talks with Mark Graff, CISO at NASDAQ OMX. Gary and Mark discuss what a CISO actually does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts. They close out their conversation with talk about Mark’s favorite poem from the mid-19th century (and it still has a software security connection!).
Silver Bullet podcast episode: An interview with Kevin Fu
In this podcast, Gary talks with Kevin Fu, Associate Professor in the EECS Department at the University of Michigan. Gary and Kevin talk about finding advisors and picking a grad school, the security implications of embedded medical devices, the presence of malware in hospital systems, the consumer trend toward analyzing health data, and the issues associated with teaching design analysis to other humans.
This was first published in April 2013