By Gary McGraw Virgil Gligor, professor at Carnegie Mellon University and co-director of CyLab, discusses how info sec has changed over the last 35 years, why software security will be with us forever, and how his Romanian childhood shaped his views on security. | 27:10 | Apr 24, 2009
By Gary McGraw James McGovern and Gary discuss the recently released BSIMM Model, how companies with Software Security Groups retain their best and brightest, Microsoft's Trustworthy Computing initiative/SDL program, and inexpensive tools small organizations can use. | 34:34 | Mar 20, 2009
By Gary McGraw Gary talks with Daniel Suarez, consultant and author of the new techno-thriller Daemon, about the book, the use of MMORPGs and flash mobs for nefarious means in the form of a distributed emergent attack, the state of AI, and the follow-up to Daemon. | 25:16 | Feb 26, 2009
By Gary McGraw Bill Brenner, senior editor at CSO Online and CSO Magazine, discusses how delivering the security message changes based on the audience, the much-exaggerated death of print media, and balancing sensationalism with solid security business coverage. | 27:48 | Jan 24, 2009
By Gary McGraw Laurie Williams, Associate Professor of Computer Science at NC State University, discusses her 9 years at IBM, Agile's commercial adoption, XP and software security, and what changes she would make to the computer science curriculum to better prepare students. | 23:39 | Jan 23, 2009
By Gary McGraw Jeremiah Grossman discusses clickjacking, cross-site request forgery, why 50% of web problems can't be discovered reliably by automated tools, and which conferences Jeremiah most enjoyed on his 2008 world tour. | 29:20 | Nov 18, 2008
By Gary McGraw Gary talks with Matt Bishop, author and professor of Computer Science at UC Davis, about security analysis and secure coding in the CS curriculum, Matt's early work on TOCTOU, and the role of training in large-scale software security initiatives. | 24:24 | Oct 25, 2008
By Gary McGraw Ken van Wyk, CERT's first employee and active member of FIRST, discusses why the discipline of computer science doesn't learn from failure, how computer security is moving backwards, and the software security implications of focusing on web applications. | 21:48 | Oct 8, 2008
By Gary McGraw Gary talks with Dennis Fisher, executive editor of The Security Media Group at TechTarget, about the current "BS factor" in security journalism, shopping at TJ Maxx right after the TJX privacy breach, and the state of software security. | 23:50 | Aug 21, 2008
By Gary McGraw Legendary security guru Bill Cheswick discusses whether we're winning or losing the computer security war, how security threats have evolved from pimply-faced teenagers to organized crime, and whether we should move security into "the cloud." | 23:59 | Jul 15, 2008
By Gary McGraw Gunnar Peterson, a Managing Principal at Arctec Group, discusses "What is security?", the state of Web 2.0 and SOA security, "federated identity," and whether all market verticals can follow the software security lead of the financial services industry. | 27:56 | Jun 18, 2008
By Gary McGraw Adam Shostack, a security expert on Microsoft's Secure Development Lifecycle team, discusses his start in computer security, how art informs his work, the idea behind "The New School of Information Security," and his aversion to the term "best practices." | 30:12 | May 16, 2008
By Gary McGraw Award-winning technology reporter and Pulitzer Prize nominee Jon Swartz discusses his new book, how cybercrime is driven by capitalist principles, why people are so lax about software security, and how identity theft incidents are on a sharp upward trend. | 27:49 | Apr 18, 2008
By Gary McGraw Oracle Chief Security Officer Mary Ann Davidson discusses how an MBA helps in the CSO role, Oracle's "Unbreakable" campaign, why everyone needs training in secure coding, and how military history informs computer security. | 28:45 | Mar 14, 2008
By Gary McGraw Chris Wysopal, founder and CTO of Veracode and one of the seven original members of the L0pht hacker collective, discusses the role of security researchers now versus in the mid-to-late 90s, and the current state of the software security market. | 24:48 | Feb 19, 2008
By Gary McGraw Ed Amoroso, Chief Information Security Officer of AT&T, discusses the difference between bugs and flaws; the propensity for confusion around how security actually works; privacy, security, and monitoring; and software quality versus software security. | 32:25 | Jan 23, 2008
By Gary McGraw Gary hosts a discussion with Cigital principals Sammy Migues, John Steven, and Pravir Chandra about the best ways for large companies to get started with software security, and the similarities between CLASP, Microsoft's SDL, and the Security Touchpoints. | 23:35 | Dec 21, 2007
By Gary McGraw PARC researcher Markus Jakobsson discusses the difference between academic and corporate research, the idea of "perfect privacy," moving from cryptography to sociology, how reality is mimicking phishers, and how cartoons can be used to teach security. | 24:29 | Nov 16, 2007
By Gary McGraw Mikko Hyppönen, Chief Research Officer at F-Secure, discusses whether mobile viruses are all hype or a legitimate threat, whether the iPhone as a closed system is good or bad for security, and his prediction for the appearance of the first mobile botnet. | 22:11 | Oct 18, 2007
By Gary McGraw Dr. Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security, discusses the role of software testing in computer security, commercial certifications, ethical hacking, and auditing and compliance. | 28:08 | Sep 25, 2007
By Gary McGraw Eric Cole, CEO of Secure Anchor, discusses how to demonstrate security ROI in different organizations, the academic approach to security versus practitioner certification models, and what kinds of training make for good network security practitioners. | 29:23 | Aug 24, 2007
By Gary McGraw Greg Hoglund, co-author of "Rootkits: Subverting the Windows Kernel" and "Exploiting Software," discusses the tendency of certain types of code to allow exploits, why disclosing exploits is a good thing, and the use of rootkits by the "good guys." | 24:03 | Jul 12, 2007
By Gary McGraw Annie Antón, director of theprivacyplace.org, defines what privacy is in the digital world and discusses airlines' pitiful privacy policies, the impact that a Google/DoubleClick deal would have on consumer privacy, and crazy talk in EULAs. | 25:16 | Jun 19, 2007
By Gary McGraw Peter Neumann, designer of the Multics OS file system and Principal Scientist at the SRI Computer Science Laboratory, discusses the discipline involved in early Multics engineering, and why DRM is the "wrong solution to the wrong problem." | 20:59 | May 22, 2007
By Gary McGraw Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University, discusses the reasons most systems fail, the economic imbalance between engineers and users, and why publicly describing attacks is essential to security. | 22:50 | Apr 13, 2007
By Gary McGraw Becky Bace, advisor to the venture capital firm Trident Capital, discusses the evolution of security curricula in academia, the rampant commercialization of computer security, and her involvement in tracking down the notorious Kevin Mitnick. | 23:39 | Mar 13, 2007
By Gary McGraw Dorothy Denning, professor in the Department of Defense Analysis at the Naval Postgraduate School, discusses her involvement in the Clipper Chip controversy, the concept of geo-encryption, and her 1990 paper describing interviews with malicious hackers. | 22:22 | Feb 15, 2007
By Gary McGraw The Fortify Software Technical Advisory Board discusses what commercial software tools can learn from academic research, the state of software security in China, real-world lessons learned while using static analysis tools, and software security pedagogy. | 19:34 | Jan 22, 2007
By Gary McGraw Bruce Schneier, founder and CTO of Counterpane, discusses the connection between physical security and its technological component, risk management, the intersection of economics and security, and the ideas of "wholesale surveillance" and "security theater." | 24:50 | Dec 14, 2006
By Gary McGraw Gary and Brian Chess, co-founder and chief scientist of Fortify Software, discuss what commercial developers and academics have to learn from each other, and how mystifying it is that some developers are OK with XSS vulnerabilities in their applications. | 24:33 | Nov 17, 2006
By Gary McGraw Cisco Chief Security Officer John Stewart discusses what CSOs do all day, how he got started in computer security, and the infamous Morris Worm of 1988 (which John was deeply involved in while a student at Syracuse). | 27:04 | Oct 25, 2006
By Gary McGraw Gary interviews Michael Howard, Senior Security Program Manager of Microsoft's Security Technology Unit. Michael discusses the security features of Windows Vista and gives recommendations for the two most important best practices when developing secure software. | 25:46 | Sep 28, 2006
By Gary McGraw Ed Felten, Professor of Computer Science and Public Affairs at Princeton University and Director of the Center for Information Technology Policy, describes the importance of public policy and the law to computer scientists. | 22:55 | Aug 28, 2006
By Gary McGraw CEO and founder of Scorpion Software Dana Epp and Gary talk about past programming disasters, the security implications of complex systems, suggestions for new developers interested in software security, and regulation's role in information security. | 24:28 | Jul 31, 2006
By Gary McGraw Gary talks with acclaimed security guru Marcus Ranum, widely credited with inventing the proxy firewall. Marcus and Gary discuss why Marcus thinks we're not making progress in the computer security field, and how common sense would help computer security. | 22:56 | Jul 14, 2006
By Gary McGraw Gary chats with Dan Geer, Chief Scientist at Verdasys, about the need to understand both technology and business in order to be a good security practitioner, Dan's paper Cyber Insecurity, his work on Project Athena, and livestock. | 22:24 | Jun 12, 2006
By Gary McGraw Gary talks with Avi Rubin, professor of computer science and technical director of the Information Security Institute at Johns Hopkins University. Avi made headlines in 2003 when he revealed glitches in Diebold electronic voting machines. | 20:03 | Apr 19, 2006