Sign up to save your podcasts
Or
Share DtR Episode 100 - Security Wisdom from Dan Geer
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtR Episode 100 - Security Wisdom from Dan Geer
In this episode
- Who is Dan Geer (just in case you live in a cave and don't know)
- Dan's definition of security - "The absence of unmitigatable surprise"
- What exactly is the pinnacle goal of security engineering?
- Responsibility, liability and when software fails as a result of security issues
- In a liability lawsuit - "What did you know, when did you know it?"
- The fraction of the population who could sign an "informed consent" is falling - so now what?
- Why ICANN is actually making all of this so much worse
- What do we do about "abandoned software"?
- Fixing security bugs in software is a tricky business...good, bad, worse
- Are things getting better [in security]?
- Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
- (from Jason White) -What "low hanging fruit" issues are we simply not addressing properly right now?
- (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?
Guest
- Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.
Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.
In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9696 ratings
In this episode
- Who is Dan Geer (just in case you live in a cave and don't know)
- Dan's definition of security - "The absence of unmitigatable surprise"
- What exactly is the pinnacle goal of security engineering?
- Responsibility, liability and when software fails as a result of security issues
- In a liability lawsuit - "What did you know, when did you know it?"
- The fraction of the population who could sign an "informed consent" is falling - so now what?
- Why ICANN is actually making all of this so much worse
- What do we do about "abandoned software"?
- Fixing security bugs in software is a tricky business...good, bad, worse
- Are things getting better [in security]?
- Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
- (from Jason White) -What "low hanging fruit" issues are we simply not addressing properly right now?
- (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?
Guest
- Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.
Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.
In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
184 Listeners
Security Now (Audio)
2,001 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,017 Listeners
Smashing Security
322 Listeners
Click Here
416 Listeners
Darknet Diaries
7,999 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners