The OWASP Cornucopia Project with Colin Watson
For his most recent project at OWASP, Colin Watson has taken the concept of Microsoft’s ‘Elevation of Privilege’ card game …
The OWASP Top Ten Proactive Controls Project with Jim Bird
The OWASP Top Ten Proactive Controls Project is spearheaded by Jim Bird and Jim Manico. According to Jim Bird, it …
March 26, 2014 – Security Start Ups with Michael Coates
Michael Coates was in Tokyo last week to attend AppSec APAC. While he was away, Verdasys and Cyvera had announcements. …
The OWASP Hacky Easter Challenge with Ivan Bütler
Ivan Bütler and his team at the Hacking Lab have whipped up a fun challenge for the Easter season. The Hacky …
2014 AppSec APAC – Post Mortem (English)
In March 2014, Rio Okada and his team in Japan organized the first AppSec APAC event in Japan. I called Rio to ask how the event went. Joining the conversation with me and Rio is Robert Dracea, Tobias...
4th Annual Open Source Development Survey
It’s only been a week, but preliminary results of the 4th Annual Open Source Development Survey sponsored by NEA, Rugged, Sonatype, Contrast Security and the Trusted Software Alliance show some...
2014 SOURCE Boston Conference: Introduction
For three days this week I am at the SOURCE Conference in Boston covering the sessions, meeting with the vendors and most importantly talking with people in the hallways about what they are working on....
2014 SOURCE Boston Conference: Melissa Elliot on the HeartBleed Bug at Yahoo
The HeartBleed bug is running rampant on many major sites such as Chase and Yahoo while people are scrambling madly to find solutions. At the SOURCE Boston Conference this morning, I caught up with...
Dwayne Melancon: What InfoSec Can Learn from Video Games
Dwayne Melancon, CTO of Tripwire, has an interesting idea: turn your team into gamers, let them build their internal images and support that vision. This isn’t the type of thing you’d expect to hear at...
Bruce Schneier talks about the shift of power on the internet [AUDIO INTERVIEW]
‘“It’s only metadata” is a mischaracterization that plays into government hands.’ — Bruce Schneier. At the 2014 Source Conference in Boston, I was able to sit down with Bruce Schneier after his keynote...
Ryan Berg on Post-HeartBleed Password Management
As many of you are already well aware, there has been a serious flaw in OpenSSL, a foundational open source library used for SSL encryption. There are plenty of places to get more information...
Allison Miller and the Society for Information Risk Analysts [AUDIO INTERVIEW]
Allison Miller caught my attention at the end of her session at 2014 Source Boston when she ‘Risk Rolled’ the audience and had them sing along with a talking head embedded in her presentation. I knew...
Wolfgang Goerlich on a Real World Example of The Phoenix Project in Action
At 2014 SOURCE Boston, Josh Corman told me that Wolfgang Goerlich had an interesting DevOps story to tell. I sat down and spoke with Wolfgang and was astounded to hear a tale that could have come...
April 22, 2014 – A DevOps Point of View with Damon Edwards
In today’s segment, we talk about the long-term effects of the HeartBleed incident and acknowledge the most frequently attacked applications: web apps and point-of-sale systems. Watch the full...
The Run Up to a Massive Cyber Security Month with Tom Brennan
In anticipation of Security Awareness Month in October, Tom Brennan is planning an event featuring a cross section of various cyber groups in New York and New Jersey. A few weeks ago, I attended a Meet...
April 23, 2014 – The Lone Star State DevOps Edition with James Wickett [VIDEO]
In today’s segment, James tackles the topics of Google end-to-end encryption, and the recent generation of social engineering schemes. Resources for this segment: The Hacker News: Google Working On...
April 24, 2014 – Security from the Inside Looking Out with Chris Eng
In this first installment with Chris Eng, we discuss the new alliance for the funding of open source projects and conclude with how easy it is to hack medical equipment. Resources for this segment:...
OWASP Top 10 Privacy Risks Project with Florian Stahl and Stefan Burgmair
The OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. I spoke with co-leads Florian Stahl and...
Dwayne Melancon, CTO – A Glimpse of the Future at Tripwire
At Source Conference in Boston last month, I sat down several times with Tripwire CTO Dwayne Melancon. Our discussion centered around his work with the development and engineering teams at Tripwire,...
Omkhar Arasaratnam on Open Source Usage within the Large Enterprise
“I think with development practices, such as CI, we’re going to get to a point that rather than having this one, monolithic milestone where you’re given these hundreds of defects, instead the developer...