Open Source Security

Posts

Using Mercator to map assets with Didier Barzin

Talos Linux security with Andrey Smirnov

Open Source is one person

Discussing the Open Source, Open Threats? paper with Behzad and Ali

crates.io trusted publishing with Tobias Bieniek

CVE update with Patrick Garrity

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

EU Regulations will change everything with Daniel Thompson

Open source microprocessors with Jan Pleskac

Package URLs with Philippe Ombredanne

Hobbyist Maintainers with Thomas DePierre

STIG automation with Aaron Lippold

Ecosyste.ms with Andrew Nesbitt

Curl vs AI with Daniel Stenberg

Repository signing with Kairo De Araujo

Securing GitHub Actions with William Woodruff

Embedded Security with Paul Asadoorian

tj-actions with Endor Lab's Dimitri Stiliadis

What's happening with CVE

Syft, Grype, and Grant with Alan Pope

Can we trust CVE?

CVE for EOL with Aaron Frost

Why I didn't go to VulnCon

cargo-semver-checks with Predrag Gruevski

Distributed CI and Git with Lars Wirzenius

FIDO authentication with William Brown

CRA with Luis Villa

Open Source Malware with Brian Fox

Open Source Foundations with Kelley Misata of Suricata

Forking Open Source Projects with Sheogorath

Patching EOL Open Source with Aaron Frost

Why do we keep ignoring CI security with François Proulx

Modern day authentication with Marc Boorshtein

CVEs for End of Life?

Government Security Requirements with Dick Brooks

Open Source Maintenance with Gary Kramlich

Safety vs Security with Thomas Depierre

The Future of Open Source Security

Episode 461 - The new NIST password guidance

Episode 460 - Santa's Supply Chain Security

Episode 459 - CWE Top 25 List

Episode 458 - FBI endorses E2E encryption

Episode 457 - The D-Link D-bacle

Episode 456 - What if XZ happened to a company? The openness of open source

Episode 455 - Wordpress plugin security

Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift

Episode 453 - Software Liability

Episode 452 - All about Meshtastic

Episode 451 - Python security with Seth Larson

The useful uselessness of SBOMs

Episode 450 - What's Wrong With WordPress

Episode 449 - The CUPSpocalypse

Episode 448 - What's wrong with CISA?

Episode 447 - The Tidelift 2024 open source maintainer report

Episode 446 - Researchers took over .MOBI TLD

Episode 445 - EPSS with Jay Jacobs

Episode 444 - Open Source and End of Life

Episode 443 - The Supply Chain Security Crisis

Episode 442 - The foundation of society, TLS certificates are a mess

Episode 441 - Is CWE useful?

Episode 440 - "What is open source" talk Josh gave

Episode 439 - Where are all the youth in open source?

Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice

Episode 437 - CocoaPods and proper funding for open source

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Episode 435 - polyfill.io - open source is too big to fix

Episode 434 - Unreported vulnerabilities and everyone is getting hacked

Episode 433 - Should OpenSSH block misbehaving clients?

Episode 432 - Flipper Zero with Alex Kulagin

Why are vulnerabilities out of control in 2024?

Episode 431 - Redirecting HTTP to HTTPS

Episode 430 - Frozen kernel security

Episode 429 - The autonomy of open source developers

Episode 428 - GitHub artifact attestation

Episode 427 - Will run0 replace sudo?

Episode 426 - Automatically exploiting CVEs with AI

Episode 425 - Video game cheaters, also pretendo

Episode 424 - The Notepad++ Parasite Website

Episode 423 - FCC cybersecurity label for consumer devices

XZ Bonus Spectacular Episode

Episode 422 - Do you have a security.txt file?

Episode 421 - CISA's new SSDF attestation form

Episode 420 - What's going on at NVD

Episode 419 - Malicious GitHub repositories

Episode 418 - Being right all the time is hard

Episode 417 - Linux Kernel security with Greg K-H

Episode 416 - Thomas Depierre on open source in Europe

Episode 415 - Reducing attack surface for less security

Episode 414 - The exploited ecosystem of open source

Episode 413 - PyTorch and NPM get attacked, but it's OK

Episode 412 - Blame the users for bad passwords!

Episode 411 - The security tools that started it all

Episode 410 - Package identifiers are really hard

Episode 409 - You wouldn't hack a train?

Episode 408 - Does Kubernetes need long term support?

Episode 407 - Should Santa use AI?

Episode 406 - The security of radio

Episode 405 - Modding games isn't cheating and security isn't fair

Episode 403 - Does the government banning apps work?

Episode 402 - The EU's eIDAS regulation is a terrible idea

Episode 401 - Security skills shortage - We've tried nothing and the same thing keeps happening

Episode 400 - When can the government hack a victim?

Episode 399 - Curl, Security, and Daniel Stenberg

Episode 398 - Is only 11% of open source maintained?

Episode 397 - The curl and glibc vulnerabilities

Episode 396 - CLAs are bad, Mkay?

Episode 395 - Uncertainty, trust, and security

Episode 394 - The lie anyone can contribute to open source

Episode 393 - Can you secure something you don't own?

Episode 392 - Curl and the calamity of CVE

Episode 391 - The Wordpress 100 year disaster recovery problem

Episode 390 - Rust shipping binaries doesn't matter

Episode 389 - What would HashiCorp do?

Episode 388 - Video game vulnerabilities

Episode 387 - Enterprise open source is different

Episode 386 - We are watching web 2.0 burn

Episode 385 - Is open source an insider threat?

Episode 384 - What's next for open source?

Episode 383 - Is open source dying?

Episode 382 - Red Hat, you were the chosen one!

Episode 381 - WTF Reddit, APIs and risk

Episode 380 - A new Sovereign Tech Fund program and the BBC on destroying hard drives

Episode 379 - Will open source save the world, again?

Rocket ships and radishes

Episode 378 - Naming things is harder than security

Episode 377 - The world is changing too fast for humans to understand

Episode 376 - Open Source Summit, who built your open source, and AI

Episode 375 - The market forces of left-pad, Episode 77 remaster part 2

Episode 374 - The event we called left-pad, Episode 77 remaster part 1

Episode 373 - HHGG security, Episode 42 remaster part 2

Episode 372 - HHGG security, Episode 42 remaster part 1

Episode 371 - pip install is the tool we deserve but not the tool we need

Episode 370 - Open Source is bigger than you can imagine

Episode 369 - OpenAI broke ChatGPT then tried to blame open source

Episode 368 - The Sovereign Tech Fund with Fiona Krakenbürger

Episode 367 - Open source will never be the same

Episode 366 - Software liability is coming

Episode 365 - "I am not your supplier" with Thomas Depierre

Episode 364 - Using SBOMs is hard

Episode 363 - Joylynn Kirui from Microsoft on DevSecOps

Episode 362 - A lesson in Rust from Carol Nichols

Episode 361 - GitHub got pwnt, but it wasn't very exciting

Episode 360 - Memory safety and the NSA

Episode 359 - The NOTAM outage and other legacy technology

Episode 358 - Furby vs Alexa

Episode 357 - Is open source being overexploited?

The perverse incentive of vulnerability counting

Episode 356 - LastPass ducked up, now what?

Episode 355 - Security Boxing Day

Episode 354 - Jerry Bell tells us why Mastodon is awesome and MFA is hard

Episode 353 - Jill Moné-Corallo on GitHub's bug bounty program

Episode 352 - Stylometry removes anonymity

Episode 351 - Is security or usability a law of the universe?

Episode 350 - Spam, Email, Content Moderation, and Infrastructure Oh My

Episode 349 - The cyber is coming from inside the house - the UK is scanning itself

Episode 348 - OpenSSL is the new lead paint

Episode 347 - Airtags in luggage and weasel security - two peas in a suitcase

Episode 346 - Security and working from home have terrible things in common

Episode 345 - Cheap hacking devices turn security upside down

Episode 344 - Python tarfile - 2022 is nothing like 2007

Episode 343 - Stop trying to fix the open source software supply chain

Episode 342 - Programming languages are the new operating system

Holding open source to a higher standard

Episode 341 - Time till open source alternative

Episode 340 - Let's chat about Let's Encrypt with Josh Aas

Why has software supply chain security exploded?

Episode 339 - Is a network problem a security vulnerability

Episode 338 - The government didn't make vulnerabilities illegal. Yet.

Episode 337 - Security patches are getting worse - Dustin Childs from ZDI tells us why

Episode 336 - We don't have data, we have security biases

Episode 335 - Bull*&$% security ideas

Episode 334 - Leap seconds break everything

Episode 333 - Open Source is unfair

Episode 332 - PyPI: 2FA or not 2FA, that is the question

Episode 331 - GPG, but nothing makes sense

Episode 330 - The sliding scale of risk: seeing the forest for the trees

Episode 329 - Signing (What is it good for)

Episode 328 - The Security of Jobs or Job Security

Episode 327 - The security of alert fatigue

Episode 326 - Big fat containers

Episode 325 - Is one open source maintainer enough?

Episode 324 - WTF is up with WFH

Episode 323 - The fake 7-Zip vulnerability and SBOM

Episode 322 - Adam Shostack on the security of Star Wars

Episode 321 - Relativistic Security: Project Zero on 0day

Episode 320 - Security Twitter is not the real world

Episode 319 - Patch Tuesday with a capital T

Episode 318 - Social engineering and why zlib got a 2018 CVE ID

Episode 317 - The lack of compromise in security

Episode 316 - You have to use open source

Facts vs Feelings

Episode 315 - Who even makes all these terrible decisions?

Episode 314 - The Linux Dirty Pipe vulnerability

Episode 313 - Insecurity at scale

Episode 312 - The Legend of the SBOM

Episode 311 - Did you scan the QR code?

Episode 310 - Hayley Tsukayama from the EFF talks about privacy

Episode 309 - The bright future of open source security

Episode 308 - Welcome to the jungle - How to talk about open source security

Episode 307 - Got vulnerabilities? Introducing GSD

Episode 306 - Open source isn't broken, it's an experience

Episode 305 - Norton, Ethereum, NFT, and Apes

Episode 304 - Will we ever fix all the vulnerabilities?

Episode 303 - Log4j Christmas Spectacular!

Episode 302 - Log4j is a mess

Episode 301 - You're holding it wrong: the importance of unlearning

log4j is hard to find and harder to fix

Episode 300 - Apple vs NSO: What can copyright do for you?

Episode 299 - Experts From A World That No Longer Exists

Episode 298 - David A Wheeler discusses the OpenSSF

Episode 297 - 25 years of smashing stacks, fun, and profit

Episode 296 - Is Trojan Source a vulnerability?

Episode 295 - Open source security isn't free

Episode 294 - Chris Wysopal on the state of security education

Episode 293 - Scoring OpenSSF Security Scoring

Episode 292 - Apache RCE and Twitch epic pwn

Episode 291 - Everyone sucks at vulnerability disclosure

Episode 290 - The security of the Matrix

Episode 289 - Who left this 0day on the floor?

Episode 288 - Linux Kernel compiler warnings considered dangerous

Episode 287 - Is GitHub's Copilot the new Clippy?

Episode 286 - Open source supply chain with Google's Dan Lorenc

Episode 285 - Open source owes you nothing!

Episode 284 - What happens when we DRM power tools?

Episode 283 - When vulnerability disclosure becomes dangerous

Episode 282 - The security of Rust: who left all this awesome in here?

Episode 281 - If you spy on journalists, you're the bad guys

Episode 280 - The perils of Single Sign On

The future of DWF

Episode 279 - The audacity of Audacity: When open source goes rogue

Episode 278 - Could SELinux have stopped SolarWinds?

Episode 277 - Privacy and activism with Chris Weiland

Episode 276 - Security, behavior, and the environment

Episode 275 - What in the @#$% is going on with ransomware?

Episode 274 - Mr. Amazon's Neighborhood

Episode 273 - Can we stop the coming artificial unintelligence deluge?

Episode 272 - The Biden Cybersecurity Executive Order

Episode 271 - Pipeline security: There is no problem humans can't make worse

Episode 270 - Hello dark patterns my old friend

Episode 269 - Do not experiment on the Linux Kernel

Episode 268 - Can we trust any 3rd parties?

Episode 267 - Does 0day still mean 0day?

Episode 266 - The future of security scanning with Debricked

Episode 265 - The lies closed source can tell, open source can't

It's time to fix CVE

Episode 264 - DevSecOps with GitLab's Mark Loveless

Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things

Episode 262 - A discussion with Loris and Pop from Sysdig

Episode 261 - DWF is back! Welcome to community powered CVE

Episode 260 - Dave Jevans tells us what CipherTrace is up to

Episode 259 - What even is open source anymore?

The Titanic of security

Episode 258 - Stop using C

Episode 257 - The sudo and libgcrypt vulnerabilities

It's the community, stupid

Episode 256 - 9 bits of podcast, 8 bits of computing

You cannot manage your supply chain

Episode 255 - What if security wasn't joyless?

Episode 254 - Right to Repair Security

Episode 253 - Defenders only need to be right once

Episode 252 - Is open source dangerous? Open source won, who cares, shut up!

Episode 251 - Communication is hard, security communication is more hard

Episode 250 - Door 25: Why do we do the things we do? Question everything

Episode 249 - Door 24: Information wants to be free

Episode 248 - Door 23: How to report 1000 security flaws

Episode 247 - Door 22: How to report one security flaw

Episode 246 - Door 21: Bug bounties

Episode 245 - Door 20: Is SMS 2FA better than no 2FA?

Episode 244 - Door 19: TLS certificate trust

Episode 243 - Door 18: Don't roll your own crypto or auth

Episode 242 - Door 17: Vulnerability response

Episode 241 - Door 16: 16 bits of change

Episode 240 - Door 15: Supplier compliance

Committee or Community: Slowing down the future

Episode 239 - Door 14: Backdoors

Episode 238 - Door 13: Unlucky or survivor bias?

Episode 237 - Door 12: Video game hacking

Episode 236 - Door 11: Should you get on a 737?

Episode 235 - Door 10: Deciding what information matters

Episode 234 - Door 09: public key cryptography

Episode 233 - Door 08: man 8 security

Episode 232 - Door 07: 7 is the best prime, 2 is the dumbest

Episode 231 - Door 06: 6 wifi risks ... that don't actually matter

Episode 230 - Door 05: 5 reasons you need 24/7 robot monitoring

Episode 229 - Door 04: EFF's Cover Your Tracks

Episode 228 - Door 03: Do all vulnerabilities matter equally?

Episode 227 - Door 02: Marketing department or selection bias?

Episode 226 - Door 01: Advent calendars

Episode 225 - Who is responsible if IoT burns down your house?

We can't move forward by looking back

Episode 224 - Are old Android devices dangerous?

Episode 223 - Full disclosure won, deal with it

Episode 222 - HashiCorp Boundary with Jeff Mitchell

Episode 221 - Security, magic, and FaceID

Episode 220 - Securing network time and IoT

Episode 219 - Chat with Larry Cashdollar

Episode 218 - The past was a terrible place

A bug by any other name

Episode 217 - How to tell your story with Travis Murdock

Episode 216 - Security didn't find life on Venus

Episode 215 - Real security is boring

Episode 213 - Security Signals: What are you telling the world

We take security seriously, VERY SRSLY!

Episode 212 - Grab Bag: The Security We Deserve Edition

2020 CWE Top 25 I mean 10 or maybe 4.5

Episode 211 - The only thing harder than signing files is managing users

Episode 210 - Cult of Information Security

Episode 209 - Secure Boot isn't Secure

Episode 208 - Passwords are pollution

Episode 207 - Weaponized attention

Episode 206 - Confidential Virtual Machines; The future of cloud computing

Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk

Episode 204 - What Would Apple Do?

Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit

The ineffective CISO

Episode 202 - The convergence of application security

Episode 201 - We broke CVSSv3, now how do we fix it?

Episode 200 - Talking Container Security with Liz Rice

Episode 199 - Special cases are special: DNS, Websockets, and CSV

Broken vulnerability severities

Episode 198 - Good advice or bad advice? Hang up, look up, and call back

Episode 197 - Beer, security, and consistency; the newer, better, triad

Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu

Episode 195 - Is BGP actually insecure?

Episode 194 - Working from home security: resistance is futile

Episode 193 - Security lessons from space: Apollo 13 edition

Episode 192 - Work without progress - what Infosec can learn from treadmills

Episode 191 - Security scanners are all terrible

Who are the experts

Episode 190 - Building a talent "ecosystem"

Episode 189 - Video game hackers - speedrunning

Part 6: What do we do now?

Part 5: Which of these security problems do I need to care about?

Part 4: Application scanning

Episode 188 - Depressing news sucks, we're talking about cheating in video games

Episode 187 - Wireguard vs IPsec: the OK Boomer of security

Part 3: Composition scanning

Part 2: Scanning the code

Part 1: Is your security scanner running? You better go catch it!

The Security Scanner Problem

Episode 186 - Endpoint security with Tony Meehan

Episode 185 - Is it even possible to fix open source security?

Episode 184 - It’s DNS. It's always DNS

Episode 183 - The great working from home experiment

Episode 182 - Does open source owe us anything?

Episode 181 - The security of SIM swapping

Episode 180 - A Tale of Two Vulnerabilities

Episode 179 - Google Project Zero and the 90 day clock

Episode 178 - Are CVEs important and will ransomware put you out of business?

Episode 177 - Fake or real? The security of counterfeit goods

Episode 176 - The 'predictions are stupid' prediction episode

Episode 175 - Defenders will always be one step behind

Episode 174 - GitHub turns security up to 11; A discussion with Rob Schultheis

Episode 173 - Ho Ho Homeland Security

Episode 172 - The security of planned obsolescence

Episode 171 - Measuring cybersecurity with Kathryn Waldron

Episode 170 - Until that quantum computer is cracking RSA keys, go sit back down!

Episode 169 - What happens when leadership doesn't care about security?

Episode 168 - The draconian draconians of DRM

Episode 167 - Security is terrible because digital literacy is terrible

Episode 166 - Every day should be cybersecurity awareness month!

Episode 165 - Grab Bag of Microsoft Security News

Episode 164 - DNS over HTTPS: Probably not the end of the world

Episode 163 - Death to Python 2

Episode 162 - SBOM with Allan Friedman

Episode 161 - Human nature and ad powered open source

Episode 160 - Disclosing security issues is insanely complicated: Part 2

Episode 159 - Disclosing security issues is insanely complicated: Part 1

Backdoors in open source are here to stay

Episode 158 - The mess that we call credit agencies in the US

Episode 157 - Backdoors and snake oil in our cryptography

Appsec isn't people

Episode 156 - What if we MitM a whole country?

Why you can't backdoor cryptography

Episode 155 - Stealing cars and ransomware

Episode 154 - Chat with the authors of the book "The Fifth Domain"

Episode 153 - The unexpected security of AI, photographs, and VPN

Episode 152 - Tavis breaks the world ... again

Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Episode 150 - Our ad funded dystopian present

Episode 149 - Chat with Michael Coates about data security

Episode 148 - You just got pwnt, what now?

Episode 147 - Scams and operations as part of the supply chain

Episode 146 - What the @#$% happened to Microsoft?

Episode 145 - What do security and fire have in common?

Episode 144 - The security of money, which one is best?

Episode 143 - Security lessons from the phone book

Episode 142 - Hypothetical security: what if you find a USB flash drive?

Episode 141 - Timezones are hard, security is harder

The security of dependencies

Episode 140 - Good enough security is a pretty high bar

Supplying the supply chain

Episode 139 - Secure voting, firefox send, and toxic comments on the internet

Episode 138 - Information wants to be free

Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!

Episode 137 - When the IoT attacks!

Episode 136 - How people feel is more important than being right

Episode 135 - Passwords, AI, and cloud strategy

Episode 134 - What's up with the container runc security flaw?

Episode 133 - Smart locks and the government hacking devices

Episode 132 - Bird Scooter: 0, Cory Doctorow: 1

Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse

Episode 130 - Chat with Snyk co-founder Danny Grander

Security isn't a feature

Episode 129 - The EU bug bounty program

Episode 128 - Australia's encryption backdoor bill

Misguided misguidings over the EU bug bounty

2018 Christmas Special - Is Santa GDPR compliant?

Episode 127 - Walled gardens, appstores, and more

Episode 126 - The not so dire future of supply chain security

Episode 125 - Open Source, supply chains, npm, and you

What's up with backdoored npm packages?

Episode 124 - Cloudflare's service workers and the economics of security

Dependencies in open source

Episode 123 - Talking about Kubernetes and container security with Liz Rice

Episode 122 - What will Apple's T2 chip mean for the rest of us?

Episode 121 - All about the security of voting

Episode 120 - Bloomberg and hardware backdoors - it's already happening

Targeted vs General purpose security

Episode 119 - The Google+ and Facebook incidents, it's not your data anymore

Episode 118 - Cloudflare's IPFS and onion service

Episode 117 - Will security follow Linus' lead on being nice?

Millions of unfixed security flaws is a lie

Episode 116 - The future of the CISO with Michael Piacente

Episode 115 - Discussion with Brian Hajost from SteelCloud

Episode 114 - Review of "Click Here to Kill Everybody"

Episode 113 - Actual real security advice

Episode 112 - Google's Titan Key and the latest Struts issue

Security reviews and microservices

Episode 111 - The TLS 1.3 and DNS episode

Actionable Advice

Episode 110 - Review of Black Hat, Defcon, and the effect of security policies

Episode 109 - OSCon and actionable advice

Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor

Episode 107 - The year of the Linux Desktop and other hardware stories

Episode 106 - Data isn't oil, it's nuclear waste

Episode 105 - More backdoors in open source

The father of modern security: B. F. Skinner

Episode 104 - The Gentoo security incident

Episode 103 - The Seven Properties of Highly Secure Devices

Episode 102 - Michael Feiertag from tCell

Episode 101 - Our unregulated future is here to stay

Episode 100 - You're bad at buying security, we can help!

Security ROI isn't impossible, we suck at measuring

Episode 99 - Consumer security is too broken to fix, and it doesn't matter

Episode 98 - When IT decisions kill people

Episode 97 - Automation: Humans are slow and dumb

Helicopter security

Episode 96 - Are legal backdoors a good idea?

Episode 95 - Twitter passwords and npm backdoors

Episode 94 - DNSSEC, BGP, and reality

Episode 93 - Security flaws in beep and patch, how did we get here?

Episode 92 - Chat with Rami Saas the CEO of WhiteSource

Episode 91 - Security lessons from a 7 year old

Spend until you're secure

Episode 90 - Humans and misinformation

Episode 89 - Short selling AMD security flaws

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

But that's not my job!

Episode 86 - What happens when 23 thousand certificates leak?

Episode 85 - NPM ate my files

Episode 84 - Have I been pwned?

Episode 83 - XKCD + CVE = XKCVE

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Episode 81 - Autosploit, bug bounties, and the future of security

Episode 80 - GPS tracking and jamming

Episode 79 - Skyfall: please don't yell 'fire'

Episode 78 - Risk lessons from Hawaii

Episode 77 - npm and the supply chain

Episode 76 - Meltdown aftermath

Security and privacy are the same thing

Episode 75 - Security Planner review

Episode 74 - Facial recognition and physical security

Episode 73 - Security from Santa

Episode 72 - Bitcoin: It's over 9000

Episode 71 - GitHub's Security Scanner

Episode 70 - The security of Intel ME

Episode 69 - Actionable security advice

Episode 68 - Ruining the Internet

Episode 67 - Cyber won

Episode 66 - Objects in mirror are less terrible than they appear

Episode 65 - Will aliens overthrow us before AI?

Episode 64 - Networks and Dnsmasq and IoT oh my

Episode 63 - Shoot, Shovel, and Bury

Episode 62 - All about the Equifax hack

Episode 61 - Market driven security

Episode 60 - The official blockchain episode

Episode 59 - The VPN Episode

Episode 58 - Backwards compatibility to the point of insanity

Episode 57 - We may never see amazing security research ever again

Summer is coming

Episode 56 - Devil's Advocate and other fuzzy topics

Episode 55 - Good docs ruin my story

Who's got your hack back?

Episode 54 - Turning into an old person

Episode 53 - A plane isn't like a car

When in doubt, blame open source

Episode 52 - You could have done it right, but you didn't

Thought leaders aren't leaders

Episode 51 - All about CVE

Humanity isn't proactive

Episode 50 - This is a security podcast after all

Free Market Security

Episode 49 - Testing software is impossible

Stealing from customers

You know how to fix enterprise patching? Please tell me more!!!

Episode 48 - Machine Learning: Not actually magic

Episode 47 - WannaCry: Everything is basically broken

Episode 46 - Turns out I'm not a bad guy

Security like it's 2005!

Episode 45 - Trust is more important now than the truth

Security fail is people

Episode 44 - Bug Bounties vs Pen Testing

I have seen the future, and it is bug bounties

Episode 43 - We are totally immature

Crawl, Walk, Drive

Episode 42 - Hitchhiker's Guide to Security

The obvious answer is never the secure answer

Episode 41 - All your money are belong to us

The expectation of security

Episode 40 - Let's fork bitcoin, again

Remember kids, if you're going to disclose, disclose responsibly!

Episode 39 - Flash on your dishwasher

Inverse Law of CVEs

Episode 38 - We Ruin Everything

Security, Consumer Reports, and Failure

Episode 37 - Your bathtub is more dangerous than a shark

Episode 36 - A Good Enough Podcast

What the Oscars can teach us about security

Episode 35 - Crazy Cosmic Accident

SHA-1 is dead, long live SHA-1!

Episode 34 - Bathing in Ebola Virus

Episode 33 - Everybody who went to the circus is in the circus (RSA 2017)

Reality Based Security

Episode 32 - Gambling as a Service

Episode 31 - XML is never the solution

Everything you know about security is wrong, stop protecting your empire!

Episode 30 - I'm not an expert but I've been yelled at by experts

Return on Risk Investment

Episode 29 - The Security of Rogue One

Episode 28 - RSA Conference 2017

What does security and USB-C have in common?

Episode 27 - Prove to me you are human

Episode 26 - Tell your sister, Stallman was right

Episode 25 - The future is now

Security Advice: Bad, Terrible, or Awful

Looks like you have a bad case of embedded libraries

Episode 24 - The 2016 prediction edition! (yeah, that's right, 2016)

Future Proof Security

Episode 23 - We can't patch people

The art of cutting edge, Doom 2 vs the modern Security Industry

Episode 22 - IoT Wild West

Episode 21 - CVE 10K Extravaganza

Does "real" security matter?

Episode 20 - The Death of PGP

Episode 19 - A field full of razor blades and monsters

Episode 18 - The Security of Santa

Episode 17 - Cyphercon Interview with Korgo

Airports, Goats, Computers, and Users

Episode 16 - Cat and mouse

Episode 15 - Cyber Black Monday

The Economics of stealing a Tesla with a phone

Episode 14 - David A Wheeler: CII Badges

Fast security is the best security

Episode 13 - CVE: The metric system of security

Who cares if someone hacks my driveway camera?

Episode 12 - Security Trebuchet

Free security is the only security that really works

Stop being the monkey's paw

Episode 11 - The Poison Candy Episode

Security is in the same leaky boat as the sysadmins

Episode 10 - The super botnet that nobody can stop

Everything you know about security is wrong

IoT Can Never Be Fixed

Episode 9 - Are bug bounties measuring the wrong things?

Can I interest you in talking about Security?

Episode 8 - The primality of prime numbers

Episode 7 - More Powerful than root!

Impossible is impossible!

Episode 6 - Foundational Knowledge of Security

Episode 5 - OpenSSL: The library we deserve

Who left all this fire everywhere?

Episode 4 - Dead squirrel in a box

Is dialup still an option?

Why do we do security?

Episode 3 - The Lockpicking Sewing Circle

On Experts

Episode 2 - Instills the proper amount of fear

Episode 1 - Rich History of Security Flaws

You can't weigh risk if you don't know what you don't know

How do we explain email to an "expert"?

The cost of mentoring, or why we need heroes

Can't Trust This!

We're figuring out the security problem (finally)

Everyone has been hacked

Using a HooToo Nano as a magic VPN box

Entry level AI

But I have work to do!

The future of security

Decentralized Security

Ready to form Voltron! Why security is like a giant robot made of lions

Is there a future view that isn't a security dystopia?

Regulation can fix security, except you can't regulate security

Thoughts on our security bubble

Security will fix itself, eventually

Security isn't a feature, it's a part of everything

Trusting, Trusting Trust

Can we train our way out of security flaws?

Software end of life matters!

What happened with Badlock?

Cybersecurity education isn't good, nobody is shocked

Security is really about Risk vs Reward

Ransomware is scary, but not for the reasons you think it is

I'm going to do something really cool in 3 weeks! ... Probably.

Everything is fine, nothing to see here!

Containers are like sandwiches

The interesting things from RSA are what didn't happen, and containers are sandwiches

Let's talk about soft skills at RSA, plus some other things

Thinking about glibc and Heartbleed, how do fix things

Change direction, increase speed! (or why glibc changes nothing)

glibc for humans

Does the market care about security?

Security and Tribal Knowledge

OpenSSH, security, and everyone else

What the lottery and security have in common

A security analogy that works

Security reminds me of the gym on January 2

A Christmas Cyber

Security is the new paperless office!

Security lacks patience

Where is the physical trust boundary?

If your outcome is perfect or nothing, nothing always wins

Your containers were built in some guy's barn!

Is the Linux ransomware the first of many?

The Third Group

How do we talk to normal people?

How do we talk to business?

What's filling the vacuum?

We're losing the battle for security

How to build trust

How can we describe a buffer overflow in common terms?

Being a nice security person

Everyone is afraid of us

You are bad at talking to people