Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life. Security Ledger provides well-reported and...
FAQs about The Security Ledger Podcast:
How many episodes does The Security Ledger Podcast have?
The podcast currently has 276 episodes available.
November 13, 2017
Episode 70: securing medical devices, OWASP Top 10 controversy and BlackDuck CEO Lou Shipley
In this, our 70th episode of The Security Ledger podcast, we speak with Xu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.
48min
November 05, 2017
Episode 69: Honor among cyber thieves and dissecting Fancy Bear
Paul Roberts of The Security Ledger speaks with Luca Allodi of The University of Eindhoven in The Netherlands about research on the functioning of dark markets. Also: DUO Security researched the trade in phishing toolkits - you'll be surprised at what they learned. And we deconstruct a campaign against the citizen journalism website Bellingcat.com to understand how the Russian Group known as Fancy Bear works.
57min
October 27, 2017
Episode 68: Hack Back, Mr. Robot and Spotting Sophisticated Hacks
We talk with Gadi Evron of Cymmetria, which released Mazehunter, a targeted hack-back tool, this week, about going on offense and staying on the right side of the law. Also: Ryan Kazanciyan of Tanium is one of the talented hackers who help design Mr. Robot's super-realistic hacking scenes. We talk with him about bringing realistic hacks alive on the small screen. And: when Uncle Sam dishes the dirt on a state-sponsored campaign against critical infrastructure, what are companies supposed to do with the information? Mark Dufresne of the firm Endgame and Itzik Kotler of the firm Safebreach give us their thoughts.
44min
October 19, 2017
Episode 67: KRACK Wi-Fi Vulnerability, Fast Flux Botnets and Open Source Debt
Security Ledger Editor in Chief Paul Roberts talks about the recently discovered KRACK security hole in Wi-Fi Protected Access with Bob Rudis of Rapid7. Bob has some simple ideas to protect yourself from KRACK attacks. Also: Or Katz of Akamai discusses that firm's research into fast flux botnets, which morph and evolve to evade detection. Finally, Tim Jarrett of CA-Veracode talks about research in Apache Commons Collections, a common and vulnerable open source library that is used in millions of applications.
38min
October 11, 2017
Episode 66: Kaspersky's Cold War(e), encryption backdoors and IoT Legislation
Security Ledger Editor Paul Roberts speaks with Dave Aitel of Immunity Inc. about the controversy swirling around Russian antivirus firm Kaspersky Lab. Also: Bruce Schneier weighs in on the latest salvo in the war over strong encryption. Finally: Josh Corman of the firm PTC talks about recent hearings on Capitol Hill about guidelines for securing connected devices.
43min
October 02, 2017
Episode 65: From the Outside In - Looking at firms like Deloitte through the Eyes of Hackers
Security Ledger Editor in Chief Paul Roberts discusses the breach at Deloitte and what can be learned about corporations' security just by looking at them through the eyes of a hacker. His guests are Dan Tentler of the firm Phobos, who uncovered some embarrassing security lapses at Deloitte, and Stephen Boyer of the firm BitSight, which rates companies based on their security posture.
44min
September 25, 2017
Episode 64: CCleaner Supply Chain Attack and can Amazon Alexa tell you you've been hacked?
Security Ledger Editor in Chief Paul Roberts discusses last week's attack on the security software CCleaner with Michael Gorelik, the Chief Technology Officer at the firm Morphisec, which discovered the compromise. He says that CCleaner may be the tip of the iceberg in supply chain attacks. Also: Paul talks with Grant Wernick of Insight Engines about his company's integration with Splunk and Amazon's Echo. Are voice-based interfaces the future of security?
40min
September 18, 2017
Episode 63: Equifax Deep Dive and CSO Qualifications
Security Ledger editor Paul Roberts takes a deep dive into the controversy surrounding data broker Equifax, speaking with experts from the firm Signal Sciences about why web application hacks are so common, and talking with Black Duck about the difficulty companies have keeping tabs on their open source software use. In our final segment, Paul speaks with Deidre Diamond of the placement firm CyberSN and Chris Roberts (@sidragon1) about the controversy surrounding Equifax's CSO's background in music composition - and about what qualities and qualifications make for a good security officer.
1h 1min
September 11, 2017
Episode 62: Equifax Breach, Facebook Fake News and ASPertise
Security Ledger Editor in Chief Paul Roberts talks the news of the week, including Robert "RSnake" Hansen on the Equifax data breach, Chris Sumner of Online Privacy Association on Facebook's analysis of fake news operations, and ASPertise: a consulting firm that specializes in hiring professionals with Asperger's and autism spectrum disorders.
43min
September 04, 2017
Episode 61: Right to Repair Laws, Detecting Spear Phishing and DVR Torture
Security Ledger's Paul Roberts talks with Kyle Wiens of Repair.org about efforts in Massachusetts and other states to pass 'right to repair' laws covering a wide range of connected and Internet of Things devices. Also: Facebook awarded its $100,000 Internet Defense prize to a team from UC Berkeley that came up with a better way to spot spear phishing campaigns. And: Johannes Ullrich of The SANS Internet Storm Center talks about his experiment to see how common attacks on Internet connected Digital Video Recorders are. The results may surprise you.
22min