Listen as Taylor Armerding and Gary discuss the early years and evolution of Cigital and software security, Gary’s software security touchpoints, the BSIMM, the CISO report, the Silver Bullet podcast, and what the future holds.
Listen as Gary and Elias discuss the progress we’ve made in software security over the last 25 years, programming languages, full disclosure, the relationship between technology inventory and software security, and more.
Listen as Gary and Meera discuss how to deal with design flaws; touchpoints such as architecture risk analysis and threat modeling; CI/CD, DevOps, automation, and orchestration; the importance of mentorship; and more.
Listen as Gary and Gøran discuss what it’s like to work for a city government and how to align the city’s goals with software security. They also examine how to get the city to pay attention to security along with all other focus areas, including GDPR, the challenges of digitalization, and how to work with the city to set a budget as you address security and privacy goals and concerns.
Listen as Gary and Kathleen discuss scientific research versus hacking "research," programming languages and software security, hacking (or not hacking) autonomous helicopters at DARPA, why machine learning looks pretty similar to how it looked 25 years ago, and more.
Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.
Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.