Trail of Bits

Companies that make high assurance software - programs whose failure means catastrophic consequences like, a billion dollars disappears, or the rocket ship blows up on the launch pad - are adopting technologies that are a couple of years ahead of the mainstream. When you ask a Trail of Bits engineer about what’s happening, you’re talking to someone who is already operating in the future. In this bonus episode, Trail of Bits engineers discuss trends they are seeing now that the rest of the industry will see in the next 18 to 24 months.

Most people imagine software engineers tapping keyboards in a kombucha-keg filled room. But modern software isn’t written... It’s assembled. Developers write code, but they don't start from scratch - They use open-source code and libraries, developed by a community. Those building blocks are themselves dependent on other pieces of open-source software, which are built atop yet others, and so on. The dependencies of this software supply chain are therefore recursive - ‘nested,’ like a Russian Matryoshka doll. So you ask whether your software is safe, the answer is, "It Depends."

Meet the Trail of Bits interns who represent the next generation of security engineers. They’re creating new tools that will be used by software developers around the world, and updating existing ones to optimize their efficiency. They’re even inspiring their supervisors to write poetry celebrating their accomplishments.

Here's something lots of people like about Bitcoin: Governments can't control it. You can spend your Bitcoin the way you want to, and nobody can stop you. But here's the bad news: That's not true. It turns out that one of the things everybody believes about cryptocurrency is actually wrong. Really wrong. About a year ago, Trail of Bits was engaged by DARPA, the Defense Advanced Research Projects Agency to answer a question. DARPA wanted to know if one of the things that everybody "knows" about cryptocurrency is actually true: Are blockchains really decentralized? This is a key question for cryptocurrencies. And in this episode, we'll explain what the Trail of Bits team found.

Using the procedures from some well-known academic papers, software developers around the world implemented some complicated encryption schemes for banks and exchanges. That encryption protected billions of dollars. But the instructions the developers followed had a fatal flaw. Those billions of dollars were suddenly an easy target for criminal and nation state hackers.

Fortunately for all of us, there's a guy named Jim.

You can now listen to a whole season of Trail of Bits, downloadable wherever you get your podcasts.