Episode 346 – Security and working from home have terrible things in common

Josh and Kurt talk about stories detailing tech working with multiple jobs. This raises some questions about fairness, accountability, and the future of work. As an industry we are very bad at measuring what we do, which is a problem shared with many jobs currently working from home. Show Notes

Why has software supply chain security exploded?

I take a bike ride every morning, it’s a nice way to think about topics of the day. I’ve been wondering lately why software supply chain security has exploded in popularity in the last year or so. Nothing happens by accident, so there must be some series of events we can point at that hasContinue reading “Why has software supply chain security exploded?”

Episode 338 – The government didn’t make vulnerabilities illegal. Yet.

Josh and Kurt talk about the recent National Defense Authorization Act that requires security vulnerabilities to be fixed. What does this mean for us, is it as bad as some people are claiming it is? It’s actually not a huge deal, for most of us it’s really just time to deal with product security. ShowContinue reading “Episode 338 – The government didn’t make vulnerabilities illegal. Yet.”

Episode 336 – We don’t have data, we have security biases

Josh and Kurt talk about our lack of security and some of the data bias problems that can emerge. A lot of what we think is security data is really just biased data. This is OK as long as we understand the data is broken and know this is the first step in a longerContinue reading “Episode 336 – We don’t have data, we have security biases”

Episode 331 – GPG, but nothing makes sense

Josh and Kurt talk about their very silly GPG key management from the past. This is sadly a very true story that details how both Kurt and Josh protected their GPG keys. Josh’s setup is like something out of a very bad spy novel. It was very over the top for a key that reallyContinue reading “Episode 331 – GPG, but nothing makes sense”

Episode 322 – Adam Shostack on the security of Star Wars

Josh and Kurt talk to Adam Shostack about his new book “Threats: What Every Engineer Should Learn From Star Wars”. We discuss some of the lessons and threats in the Star Wars universe, it’s an old code I hear. We also discuss if Star Wars is a better than Star Trek for teaching security (it probably is). It’sContinue reading “Episode 322 – Adam Shostack on the security of Star Wars”