In this episode
- Who is Dan Geer (just in case you live in a cave and don't know)
- Dan's definition of security - "The absence of unmitigatable surprise"
- What exactly is the pinnacle goal of security engineering?
- Responsibility, liability and when software fails as a result of security issues
- In a liability lawsuit - "What did you know, when did you know it?"
- The fraction of the population who could sign an "informed consent" is falling - so now what?
- Why ICANN is actually making all of this so much worse
- What do we do about "abandoned software"?
- Fixing security bugs in software is a tricky business...good, bad, worse
- Are things getting better [in security]?
- Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
- (from Jason White) What "low hanging fruit" issues are we simply not addressing properly right now?
- (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?
Guest
- Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.
Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.
In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast