Essential Guide

How to develop software the secure, Gary McGraw way

A comprehensive collection of articles, videos and more, hand-picked by our editors

Software security podcast library

SearchSecurity.com is pleased to partner with Gary McGraw to feature his monthly Silver Bullet software security podcasts, which discuss best practices in software security.

McGraw hosts this monthly podcast, interviewing various information security practitioners, experts and commentators about software security and other top issues in the world of infosec.

Bookmark this page and be sure to check back monthly for new episodes!

Silver Bullet podcast: An Interview with Brian Krebs
October 2014

On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security. Gary and Brian discuss how growing up with a computer affected their future careers in security, MUD vs MAD, why "old media" can't support in-depth security reporting, and why the government continues to be five years behind the security curve. They close out talking about Brian's experience of writing Spam Nation.

Silver Bullet podcast: An Interview with Richard Danzig
September 2014

On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one-time Secretary of the Navy and board member of the Center for a New American Security (among several other things). Gary and Richard discuss Richard's time at the Department of Defense, what he learned when running the US Navy that can be applied to computer security, Richard's recommendations from his important new CNAS report, and how the report is designed to have an impact on policy. They close out their chat with a high-brow art discussion.

Silver Bullet podcast: A roundtable with founding members of the Center for Secure Design
August 2014

In the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim DelGrosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design. The participants discuss the origin of the Center, why design flaws are more difficult to fix than implementation bugs, design flaws in automobiles, and how the top 10 most common flaws recently published by the Center for Secure Design were compiled.

Silver Bullet podcast: A roundtable with Cigital's principals
July 2014

After 100 months in a row (over 8 years), the Silver Bullet Security Podcast with Gary McGraw hits its landmark 100th episode. In this episode Gary talks live on video with Cigital’s principals: John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how it’s evolved (or has it?) over the last decade. They talk frameworks and code analysis, mobile security, software security in Europe, the forthcoming IEEE Center for Secure Design, and BSIMM. Finally, we get to find out who thinks we’re making progress and who doesn’t.

Silver Bullet podcast: An interview with Michael Hicks
June 2014

In this episode, Gary talks with Michael Hicks, professor of Computer Science at the University of Maryland, about the Programming Language Design and Implementation (PLDI) conference, type safety, closure, dynamic languages, why C is problematic, and how JavaScript is dangerous. They go on to discuss the role that cryptography plays in security, how ideas from Scrum influence the way Michael runs his research group, CMSC 838G (that is, “Software Security”), and the Build-it, Break-it, Fix-it Programming Contest.

Silver Bullet podcast: An interview with Bart Miller
May 2014

In this episode, Gary chats with Bart Miller, Professor of Computer Science at the University of Wisconsin-Madison and Chief Scientist of the DHS Software Assurance Marketplace Research Facility. Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of binaries, and the SWAMP project.

Silver Bullet podcast: An interview with Aaron Bedra
April 2014

In this episode, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, and type safety and closure in programming.

Silver Bullet podcast episode: An interview with Nate Fick
March 2014

In this episode, Gary talks with Nate Fick, CEO of Endgame. Gary and Nate discuss the use of the term "cyber war" from the perspective of an ex-Marine, Nate’s time at the Center for a New American Security, the Estonia DDoS attack, and how Nate has turned around the perception of Endgame.

Silver Bullet podcast episode: An interview with Charlie Miller
February 2014

In this episode, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days.

Silver Bullet podcast episode: An interview with Ming Chow
January 2014

In this episode, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or with people who already know how to code when building new software security professionals. They also talk about what developers currently think of software security, what would make developers more likely to take security seriously, and how Ming uses games to teach security to his students.

Silver Bullet podcast episode: An interview with Yoshi Kohno
December 2013

In this episode, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington, about how much academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand privacy implications of popular products’ security designs.

Silver Bullet podcast episode: An interview with Jon Callas
November 2013

In this episode, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work. They also chat briefly about software security and reality.

Silver Bullet podcast episode: An interview with Caroline Wong
October 2013

In this episode, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science.

Silver Bullet podcast episode: An interview with Matthew Green
September 2013

In this episode, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator.

Silver Bullet podcast episode: An interview with Michael Reiter
August 2013

In this episode, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security. They close out their discussion with some talk about mixed martial arts.

Silver Bullet podcast episode: An interview with Christian Collberg
July 2013

In this episode, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker. They close out their talk with discussion of travel on planet Earth.

Silver Bullet podcast episode: An interview with James Walden
June 2013

In this episode, Gary chats with James Walden, Ph.D., Associate Professor of Computer Science at Northern Kentucky University. Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.

Silver Bullet podcast episode: An interview with Wenyuan Xu
May 2013

In this episode, Gary chats with Wenyuan Xu, Associate Professor in the Department of Computer Science and Engineering at the University of South Carolina. Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science. They close out the episode with a discussion of tailgating.

Silver Bullet podcast episode: A discussion with Jim Routh and Scott Matsumoto
April 2013

In this episode, Gary talks mobile security with two guests—Jim Routh, former global head of application security at JP Morgan Chase (and newly-appointed CSO), and Scott Matsumoto, Principal Consultant and head of the mobile security practice at Cigital. All three discuss the challenges associated with mobile security and how these challenges are exactly the same as, and different from, software security concerns from past years. Also discussed is the use of new technologies, including accelerometers, in enhancing security (or compromising privacy), and the effect that massive phone rooting has on security.

Silver Bullet podcast episode: An interview with Hord Tipton
March 2013

In this podcast, Gary chats with W. Hord Tipton, Executive Director of (ISC)². Gary and Hord discuss how to get into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification helps to advance software security, and the benefits of teaching software security to kids.

Silver Bullet podcast episode: An interview with Mark Graff
February 2013

In this podcast, Gary talks with Mark Graff, CISO at NASDAQ OMX. Gary and Mark discuss what a CISO actually does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts. They close out their conversation with talk about Mark’s favorite poem from the mid-19th century (and it still has a software security connection!).

Silver Bullet podcast episode: An interview with Kevin Fu
January 2013

In this podcast, Gary talks with Kevin Fu, Associate Professor in the EECS Department at the University of Michigan. Gary and Kevin talk about finding advisors and picking a grad school, the security implications of embedded medical devices, the presence of malware in hospital systems, the consumer trend toward analyzing health data, and the issues associated with teaching design analysis to other humans.

This was first published in April 2013