[Duration: 39:54] In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best? We talk with Jason Haddix of the firm Bug Crowd to find out. Also: The Internet Society’s Jeff Wilbur talks about the new #GetIoTSmart campaign to educate device makers and the public about Internet of Things security.
[Duration: 33:38] In this week’s episode (#110): the second major flaw in Apache Struts 2 in as many years has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? We talk with an expert from the firm Synopsys. And: we’ve heard a lot about the risk of cyber attacks on the critical infrastructure used to generate and distribute electricity. But what would happen if someone figured out how to hack electricity demand? The Internet of Things just might make that possible. We talk to a Princeton University researcher behind a paper that discusses how even small changes in demand can have big consequences for the grid.
In this industry perspective, Dan Lyon and Taylor Armerding of the firm Synopsys discuss the impact of the FDA’s new Medical Device Safety Action Plan, which promises to improve the cyber security of medical devices…eventually.
[Duration: 31:14] In this episode of The Security Ledger Podcast (#98): can sound waves be used to crash a hard drive? We’ll talk to one member of an international team of researchers who showed that, yes, they can. And Fractional CISO Rob Black joins us to talk about Internet of Things security standards. With so many to choose from, will we ever see “one standard to rule them all”?
A lot changed in the 4 years between the last two OWASP Top 10 lists. In this end user perspective*, security pro Dino Londis talks about those changes and argues that organizations need to address the most common web application attacks, even as they work to engineer a new generation of secure applications.