In this episode, Richard Westcott is joined by Simone Schnall, Catherine Molho, and Maximilian Müller to explore a big, everyday question: why do we make the choices we do? From decisions about money and morality to careers and relationships, the conversation digs into what really drives us—whether it's emotions, social pressure, or the stories we tell ourselves after the fact. The conversation explores how physical experiences and emotions like fear or anger can shape our judgement, and how gossip and social norms influence who we trust and how we act. Our experts also discuss how we reshape memories to fit our choices, and how identity can shape what we believe or invest in. It's a fascinating look at what really drives human behaviour—and what that means for how we design policies, technology, the systems we live in, and the role AI might play in shaping our decisions. This episode is hosted by Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus), and features experts Catherine Molho (IAST), Maximilian Müller (TSE) and Simone Schnall (Cambridge University). Season 4 Episode 8 transcript. Listen to this episode on your preferred podcast platform. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Podcast host: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme.
Last year, Richard left the corporation and is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Podcast guests: Catherine Molho is a psychologist studying human cooperation, social norms, and the role of emotions in decision-making, at IAST. Her work draws upon insights from social and evolutionary psychology, behavioral economics, and anthropology. She uses interactive experiments, experience sampling, and cross-cultural surveys to better understand what shapes cooperative and punitive decisions. Maximilian Müller is a behavioural economist at Toulouse School of Economics where he studies questions in fields such as education, development, and family economics. In his research, he examines social influences on individual behavior and beliefs around big life decisions such as career or fertility choices and explores their potential consequences for society-wide outcomes such as intergenerational transmission and social mobility. Simone Schnall is the Director of the Cambridge Body, Mind and Behaviour Laboratory and Fellow of Jesus College at University of Cambridge. By combining insights and methods from social psychology and cognitive science her research explores how thoughts and feelings interact. She aims to understand how people make judgments and decisions about other people, and about physical properties of the world.
Richard Westcott talks to Jonathan Stieglitz, IAST and Martin White, University of Cambridge, about the global health challenges related to diet and nutrition, the roles of public health policies, cultural practices, and lifestyle changes, while creating sustainable food systems that ensure access to healthy food for all and maintain economic viability. How do we address global health challenges, particularly in relation to diet and nutrition? What role do public health policies, cultural practices and lifestyle changes play in shaping our food choices? How can we create food systems that ensure everyone has access to healthy and sustainable food while maintaining economic viability? To explore these issues, Richard Westcott talks to Prof Martin White, Professor of population health research from the University of Cambridge, and Prof Jonathan Stieglitz, IAST Scientific Director. Season 4 Episode 7 transcript. Listen to this episode on your preferred podcast platform. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. His last role was as a science correspondent covering the covid outbreak, but prior to that he was the transport correspondent reporting on new technologies such as driverless cars, major accidents and large infrastructure projects.
Last year, Richard left the corporation and he is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Prof Jonathan Stieglitz is an anthropologist specializing in human health and aging. He studies how evolved human biology interacts with variability in the environment to influence well-being over the life course. Since 2004 he has worked with indigenous Tsimane forager-farmers of the Bolivian Amazon, studying how environmental transition (for example, changes in infectious exposures, physical activity levels, or consumption of processed foods) influences diverse health indicators. He co-directs the Tsimane Health and Life History Project. Prof Martin White is an interdisciplinary scientist who leads research on food systems and public health, and has a particular interest in evaluation of population interventions to improve diet and health. He led the NIHR funded evaluation of the Soft Drinks Industry Levy and currently leads two UKRI interdisciplinary consortia on food system transformation (https://www.mandala-consortium.org/ and https://www.salientfoodtrials.uk). He was a visiting fellow at the Bennett Institute for Public Policy in 2020-22 and is a regular contributor to Cambridge University's Centre for Science and Policy (CSaP) Policy Fellows programme for civil servants.
Software Engineering Radio - The Podcast for Professional Software Developers
Tanya Janca, author of Alice and Bob Learn Secure Coding, discusses secure coding and secure software development life cycle with SE Radio host Brijesh Ammanath. This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and interactive application security testing (SAST, DAST and IAST), and the need for continuous monitoring and improvement after deployment. This episode is sponsored by Codegate.ai
In this episode, Richard Westcott talks to Diane Coyle, Jacques Crémer, and Paul Seabright about Europe's position in competing with the US in technology. They explore the factors shaping Europe's place in the global tech race—how data, policy, investment, competition and culture influence its potential to compete with the US. Our experts unpack the challenges and opportunities for Europe's tech ecosystem. They consider whether Europe should aim to catch up with the US or focus on carving out its own path, questioning what success in innovation really looks like. Along the way, they discuss the role of data, risk-taking, the challenges of scaling up new ideas, and the structural and policy changes needed to support innovation in Europe. This episode is hosted by Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus), and features experts Diane Coyle (Bennett Institute for Public Policy, University of Cambridge), Jacques Crémer (IAST), Paul Seabright (IAST). Season 4 Episode 6 transcript. Listen to this episode on your preferred podcast platform. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Podcast host: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. Last year, Richard left the corporation and he is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city.
@BBCwestcott Podcast guests: Diane Coyle is the Bennett Professor of Public Policy at the University of Cambridge. Diane co-directs the Bennett Institute where she heads research under the themes of progress and productivity. Diane's new book (April 2025) ‘The Measure of Progress: Counting what really matters’ explores how outdated economic metrics are distorting our understanding of today's digital economy. Diane is also a member of the UK Government's Industrial Strategy Council, New Towns Taskforce, and advises the Competition and Markets Authority. She has served previously in a number of public service roles including as Vice Chair of the BBC Trust, member of the Competition Commission, and of the Natural Capital Committee. Diane was awarded a DBE in 2023 for her contribution to economics and public policy. @DianeCoyle1859 Jacques Crémer is Professor at the Toulouse School of Economics. He is a Fellow of the Econometric Society and of the European Economic Association. He has been the first director of the Digital Center since 2015. In 2018-2019, as a Special Adviser to European Commissioner Margrethe Vestager, he co-authored the report “Competition Policy for the Digital Era”. Jacques has done fundamental work on planning theory, auctions, incentive t
In this episode of Crossing Channels, Richard Westcott is joined by Dimitri Zenghelis, Ulrich Hege, and Mathias Reynaert to explore how green finance can support the clean transition. They discuss the shifting role of financial markets, the balance between public and private investment, and the policies needed to drive long-term change. Their lively discussion breaks down the economic opportunities of the transition, the impact of regulation on industries like automotive and energy, and the financial and political challenges that come with moving to a low-carbon economy. They also explore why policy credibility and stability are key to unlocking investment and ensuring a fair and effective transition. This episode is hosted by Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus), and features experts Ulrich Hege (IAST), Mathias Reynaert (IAST) and Dimitri Zenghelis (Bennett Institute for Public Policy). Listen to this episode on your preferred podcast platform. Season 4 Episode 5 transcript. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. Last year, Richard left the corporation and he is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city.
@BBCwestcott Ulrich Hege has been Professor at Toulouse School of Economics since 2016. He was Director of TSE until 2017 and Vice-President until 2020. His main research area is in Financial Economics, but he has also worked on questions in contract theory, entrepreneurship, regulation, law and economics, and digital economics. Prior to joining TSE, he was Professor and Associate Dean at HEC Paris, and held faculty positions at Tilburg University (Netherlands) and ESSEC (Paris). He has also been a Visiting Associate Professor at London Business School and at New York University Stern School of Business. Mathias Reynaert is a Professor of Economics at the Toulouse School of Economics. His fields of interest are empirical industrial organization and environmental economics. His research received recognitions such as the 2015 Paul Geroski and YEEA Prize, the 2022 Edmond Malinvaud Prize, an ERC starting grant (2023-2028), and a 2023 nomination for best young economist in France. He is a research affiliate at the CEPR and an editorial board member at the Review of Economic Studies. Dimitri Zenghelis is Special Advisor to the Bennett Institute, University of Cambridge and a Senior Visiting Fellow at the Grantham Research Institute, London School of Economics. He is also a Partner at Independent Economics. He headed the Stern Review Team at the Office of Climate Change and was a lead author on the Stern Review on the Economics of Climate Change. Previously he was Head of Economic Forecasting at HM Treasury. @DimitriZ
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft's enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing.

In This Episode You Will Learn:
- Overcoming the challenges of authenticated requests for DAST tools
- The importance of API specs for DAST and how automation streamlines the process
- Insights into how Microsoft uses DAST to protect its vast array of web services

Some Questions We Ask:
- What's a lesson from this work that you can share with those without Microsoft's resources?
- Can you explain what the transparent auth protocol is that you mentioned in the blog post?
- How is your work reducing the manual effort needed to configure DAST system services?

Resources:
- View Jason Geffner on LinkedIn
- View Wendy Zenone on LinkedIn
- View Nic Fillingham on LinkedIn

Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog

Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST

Related Microsoft Podcasts:
- Microsoft Threat Intelligence Podcast
- Afternoon Cyber Tea with Ann Johnson
- Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Hear Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus) talk to Gina Neff (Cambridge University), Jeni Tennison (Connected by Data), and Jean-François Bonnefon (IAST) about how data and algorithms are shaping our lives. They explore how these technologies impact work, public services, and decision-making, and raise questions about ethics, fairness, and governance. Listen to this episode on your preferred podcast platform. Season 4 Episode 4 transcript. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our podcast host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. In 2023, Richard left the corporation and is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Jean-François Bonnefon, CNRS senior research director, is a cognitive psychologist whose work spans computer science, psychology, and economics, reflected in his more than 100 publications. Renowned for his expertise in moral preferences and decision-making, he is particularly recognised for his contributions to the ethics of advanced artificial intelligence, especially in autonomous driving. In 2024, he was appointed Director of the Social and Behavioral Sciences Department (SBS) at TSE and the Institute of Advanced Studies in Toulouse (IAST).
He is affiliated with TSE, IAST, the Toulouse School of Management, and the Artificial and Natural Intelligence Toulouse Institute (ANITI). Gina Neff is Professor of Responsible AI at Queen Mary University London and Executive Director of the Minderoo Centre for Technology & Democracy at the University of Cambridge. She is the Deputy Chief Executive Officer for UKRI Responsible AI UK (RAi) and Associate Director of the ESRC Digital Good Network. Her award-winning research focuses on how digital information is changing our work and everyday lives. Her books include Venture Labor (MIT Press 2012), Self-Tracking (MIT Press 2016) and Human-Centered Data Science (MIT Press 2022). Jeni Tennison is an Affiliated Researcher at the Bennett Institute for Public Policy, and the founder of Connected by Data. She is a Senior Fellow at the Centre for International Governance Innovation, an adjunct Professor at Southampton's Web Science Institute, a Shuttleworth Foundation Fellow, and a co-chair of GPAI's Data Governance Working Group. She sits on the Boards of Creative Commons and the Information Law and Policy Centre.
In this episode, Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus) talks to David Runciman (University of Cambridge), Kristin Michelitch (IAST) and Ahmed Mohamed (IAST) about the decline in democracy indexes worldwide, the cultural, technological, and institutional factors driving these trends, and whether they can be reversed. Our experts explore the meaning of democracy and the reasons behind the decline of democracy indexes. They examine the impact of technology, media, culture, and religion on reshaping politics and shaping the future of democratic systems. Season 4 Episode 3 transcript. Listen to this episode on your preferred podcast platform. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news and the Today programme. In 2023, Richard left the corporation and is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Kristin Michelitch is an Associate Professor of Political Science in the Social and Behavioral Sciences Department at the Toulouse School of Economics and Quantitative Social Sciences (TSE), and a member of the Institute for Advanced Study in Toulouse (IAST), France.
Her research investigates sources of, and solutions to, intergroup tensions and poorly functioning democratic processes in contexts where government institutions are not adequately safeguarding democracy and delivering vital public services. @KGMichelitch Ahmed Ezzeldin Mohamed is an Assistant Professor of Political Science. Previously, he was a postdoctoral research scholar at the Center on Democracy, Development, and the Rule of Law (CDDRL) at Stanford University. Ahmed's primary research focuses on the role of religion in the political and economic development of less democratic societies, with a special focus on the Middle East and the Muslim World. David Runciman is a recovering academic and fully committed podcaster. He worked at Cambridge University for nearly 25 years, winding up as Professor of Politics. He has authored several books, most recently, The History of Ideas: Equality, Justice and Revolution (2024). David established the Centre for the Future of Democracy as part of the Bennett Institute for Public Policy. David hosts the weekly politics podcast “Past Present Future” and was elected a Fellow of the British Academy in 2018 and the Royal Society of Literature in 2021.
In this episode, Richard Westcott talks to Gordon Harold, Anna Moore, and Olympia Campbell about the growing rates of mental health issues among young people. They discuss the key determinants and the most effective ways to support young people's mental health. Our experts examine whether mental health among young people is truly worsening or if we're simply getting better at identifying it. They unpack the key factors shaping mental health today, delve into the role of the digital world, and discuss how policies can evolve to expand support and access to services for young people. This episode is hosted by Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus), and features experts Prof Gordon Harold (University of Cambridge), Dr Anna Moore (University of Cambridge) and Dr Olympia Campbell (IAST). Season 4 Episode 2 transcript. Listen to this episode on your preferred podcast platform. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. In 2023, Richard left the corporation and is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Gordon Harold is the inaugural Professor of the Psychology of Education and Mental Health at the University of Cambridge.
His research focuses on three areas: the impact of family dynamics on child and adolescent mental health, the interaction between genetic and family factors, and the promotion of evidence-based practices to enhance youth mental health outcomes. He serves on several advisory groups, including the UKRI-ESRC's Data and Infrastructure Expert Advisory Group and the Department for Work and Pensions Science Advisory Committee, and he advises various UK and international government departments and scientific committees. Anna Moore is a UKRI Future Leaders Fellow, Assistant Professor in Child Psychiatry and Medical Informatics in the Department of Psychiatry, University of Cambridge and Clinical Consultant in Paediatric Psychological Medicine. Dr. Moore's group, Timely, is developing a new preventative approach for managing children's mental health problems. To make this possible, the Timely team is building the infrastructure and systems required to enable rapid digital innovation and implementation in paediatrics. Olympia Campbell is a Research Fellow at the IAST. She received a PhD from University College London in 2023 prior to joining. Her research focuses on elucidating the ecological and demographic correlates and causes of gender-biased outcomes, with a particular focus on the role of marriage practices, such as cousin marriage. Of key interest to this research is how kinship intensity can alter the intensity of different forms of evolutionary conflicts such as sexual, parent-offsprin
To kickstart Season Four of Crossing Channels, Richard Westcott (Cambridge University Health Partners and the Cambridge Biomedical Campus) talks to Prof Alison Liebling (University of Cambridge), Prof Nicola Padfield (University of Cambridge) and Prof Arnaud Philippe (University of Bristol, former IAST fellow) about the growing prison population, the prison experience, and the most effective ways to rehabilitate ex-offenders. Our experts discuss why the prison population is growing and the similarities and differences across European countries. They share their expertise on the impact of the prison environment and the privatisation of prisons for rehabilitation. They also identify best practices for effectively rehabilitating and reintegrating ex-offenders into society. Season 4 Episode 1 transcript. For more information about the Crossing Channels podcast series and the work of the Bennett Institute and IAST (Institute for Advanced Study in Toulouse) visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Follow us on LinkedIn, Bluesky and X. With thanks to: Audio production by Steve Hankey. Associate production by Stella Erker and Burcu Sevde Selvi. Visuals by Tiffany Naylor and Aurore Carbonnel. More information about our host and guests: Richard Westcott is an award-winning journalist who spent 27 years at the BBC as a correspondent/producer/presenter covering global stories for the flagship Six and Ten o'clock TV news as well as the Today programme. Last year, Richard left the corporation and he is now the communications director for Cambridge University Health Partners and the Cambridge Biomedical Campus, both organisations that are working to support life sciences and healthcare across the city. @BBCwestcott Alison Liebling is Professor of Criminology and Criminal Justice at the University of Cambridge and the Director of the Institute of Criminology's Prisons Research Centre.
She has carried out research on life in prison for over 30 years. She has written multiple books and is currently completing one on ‘Moral rules, social science and forms of order in prison’. She was made a member of the British Academy in 2018. @AlisonLiebling Nicola Padfield KC (Hon) is Emeritus Professor of Criminal and Penal Justice at the Law Faculty, University of Cambridge, where she has worked for more than 30 years. She has a broad research lens, engaged in both ‘hard’ law and in socio-legal-criminological research. She is a leading European expert on sentencing law, including the law and practice of release from (and recall to) prison. A barrister by training, she has published widely on criminal law, sentencing and criminal justice. Arnaud Philippe is an Associate Professor at the School of Economics of the University of Bristol. He studies the criminal justice system to better understand the determinants of criminal behaviour, how judicial decisions are made, and the consequences of sanctions on individuals. He is currently an associate researcher at the French Penitentiary Administration, where he explores the effect of carceral experience on recidivism. @ArnaudPhilipp
In this episode of the DevSecOps Podcast, our host engages in a fascinating conversation with experts from Kodem about the cutting-edge world of Runtime Application Security. As applications become increasingly complex and cyber threats evolve, traditional security measures often fall short. Our guests from Kodem discuss how this kind of solution provides a dynamic layer of security by continuously monitoring and protecting applications in real-time. Listeners will gain insights into the technical underpinnings of runtime security, its advantages over traditional security solutions, and practical implementation strategies. The episode delves into real-world scenarios where runtime security has thwarted sophisticated attacks, demonstrating its effectiveness in maintaining application integrity and protecting sensitive data. Whether you're a seasoned DevSecOps professional or new to the field, this episode offers valuable perspectives on enhancing your security posture with runtime security. Tune in to learn how integrating this technology can fortify your defenses and keep your applications safe from emerging threats.
In this episode, Rory Cellan-Jones discusses with Dr Lauren Wilcox, Dr Felix Dwinger, and Dr Giacomo Lemoli why the world is protesting so much, how protesting has changed over time, and what impact protest movements are having on policymaking. Delving into the surge of protests across democratic and autocratic regimes, they examine why people are taking to the streets. They draw on insights from historic protests to explore the factors that contribute to the success of protest movements and progressive social change. This episode is hosted by Rory Cellan-Jones (former technology correspondent for the BBC), and features guest experts Lauren Wilcox (University of Cambridge), Felix Dwinger (IAST) and Giacomo Lemoli (IAST). Season 3 Episode 8 transcript. Listen to this episode on your preferred podcast platform. For more information about the podcast and the work of the institutes, visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/. Tweet us with your thoughts at @BennettInst and @IASToulouse. With thanks to: Audio production by Steve Hankey. Associate production by Stella Erker. Visuals by Tiffany Naylor and Kevin Sortino. More information about our host and guests: Rory Cellan-Jones was a technology correspondent for the BBC. His 40 years in journalism have seen him take a particular interest in the impact of the internet and digital technology on society and business. He has also written multiple books, including “Always On” (2021) and his latest “Ruskin Park: Sylvia, Me and the BBC” which was published in 2023. @ruskin147 Dr Felix Dwinger is a Postdoctoral Research Fellow at the Institute of Advanced Study in Toulouse. His research focuses on autocratic politics and democratic backsliding using game theory and causal inference from observational data. He holds a PhD from the Department of Political Science at the University of Gothenburg, Sweden.
While pursuing his PhD, he was a Visiting Assistant Researcher at Yale and a Guest Doctoral Researcher at the University of Konstanz, Germany. @DwingerFelix Dr Giacomo Lemoli is a Postdoctoral Research Fellow at the Institute for Advanced Study in Toulouse. He holds a PhD in Politics from New York University and a MSc in Economic and Social Sciences from Bocconi University. His research studies the construction and change of group identities, and their implications for political competition, mobilization, and development in contemporary societies. He is particularly interested in how political elites and mass media shape the salience of ethnic and linguistic boundaries, and in how collective memories affect behavior. He uses econometric tools for causal inference on contemporary and archival data, as well as original surveys. His research has been funded by UNU-WIDER and the Institute for Humane Studies. @giacomolem Dr Lauren Wilcox is Associate Professor in Gender Studies, Director of the University of Cambridge Centre for Gender Studies, and a fellow of Selwyn College, Cambridge. Lauren researches political violence, subjectivity, and embodiment from the perspective of feminist and queer theory. Lauren's first major work, ‘Bodies of Violence: Theorizing Embodied Subjects in International Relations’, addresses a deep irony in war/security studies: that while war is actually inflicted on bodies, or bodies are explicitly protected, there is a lack of attention to the embodied dyn
There's nothing more to say: watch / listen, download it and start using the AppSec Calendar today.
Download now - https://cassiodeveloper.com.br/assets/downloads/AppSec-Calendar.jpg
Access the version with tags - https://onlysecfans.com.br/
In this episode, Rory Cellan-Jones (former technology correspondent for the BBC) chats with Verity Harding (Bennett Institute for Public Policy), Gina Neff (Minderoo Centre for Technology and Democracy), and Lawrence Rothenberg (IAST and University of Rochester), about artificial intelligence (AI) and the fine balance between innovation and regulation. Together, they explore what makes 'good' regulation and the crucial role of global collaboration in shaping the future of AI.

They share the latest developments of AI regulation in the UK, US and EU, emphasising the need for effective regulation to address the risks of AI. They also discuss what regulators can learn from past tech revolutions, like in vitro fertilisation, and highlight the critical importance of collaboration to ensure AI improves people's living and working conditions.

Season 3 Episode 7 transcript

Listen to this episode on your preferred podcast platform

For more information about the podcast and the work of the institutes, visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/

Tweet us with your thoughts at @BennettInst and @IASToulouse

With thanks to:
Audio production by Steve Hankey
Associate production by Stella Erker
Visuals by Tiffany Naylor and Kevin Sortino

More information about our host and guests:

Rory Cellan-Jones was a technology correspondent for the BBC. His 40 years in journalism have seen him take a particular interest in the impact of the internet and digital technology on society and business. He has also written multiple books, including “Always On” (2021) and his latest Ruskin Park: Sylvia, Me and the BBC which was published in 2023.

Verity Harding is a globally recognised expert in AI, technology and public policy. She is currently Director of the AI and Geopolitics Project (AIxGEO) at the Bennett Institute for Public Policy. She is also Founder of Formation Advisory Ltd, a tech consultancy firm. Her debut book is AI Needs You: How we can change AI's future and save our own (Princeton University Press 2024).

Professor Gina Neff is the executive director of the Minderoo Centre for Technology and Democracy at the University of Cambridge. Her research focuses on the effects of the rapid expansion of our digital information environment on workers, workplaces, and our everyday lives. Her books include Venture Labor (MIT Press 2012), Self-Tracking (MIT Press 2016) and Human-Centered Data Science (MIT Press 2022).

Lawrence Rothenberg is a member of the Scientific Council of the IAST and has been a member of the faculty at the University of Rochester for roughly three decades (1989-2002, 2005-present). He began his career in the Division of Humanities and Social Sciences at Cal Tech, and from 2002-2005 was the Max McGraw Distinguished Professor of Environmental Management in the Department of Management and Strategy and the Co-Director of the Ford Center for Global Citizenship at the Kellogg School of Business at Northwestern University.
Rory Cellan-Jones talks to Jean-Paul Azam, Diane Coyle and Andy Westwood about the potential of universal basic income to tackle regional inequalities, boost economic growth in ‘left behind’ and growing places, and rebuild democracy. This episode unpacks why current policies are failing to tackle regional inequalities and how a universal basic infrastructure might boost productivity across all places. Leading experts examine the value of infrastructure in different country contexts and how different levels of various departments and government could work together to deliver a universal basic infrastructure in all places.

Listen to this episode on your preferred podcast platform

Season 3 Episode 4 transcript

For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr

Tweet us with your thoughts at @BennettInst and @IASToulouse

With thanks to:
Audio production by Steve Hankey
Associate production by Stella Erker
Visuals by Tiffany Naylor

Relevant links:
Townscapes: A Universal Basic Infrastructure for the UK by Coyle, D., Erker, S. and Westwood, A. Bennett Institute (2023).
A Universal Basic Infrastructure in the UK by Coyle, D., Erker, S. and Westwood, A. Bennett Institute (2023).
To Fight Populism, Invest in Left-Behind Communities by Coyle, D. Project Syndicate (2023).

More information about our host and guests:

Rory Cellan-Jones was a technology correspondent for the BBC. His 40 years in journalism have seen him take a particular interest in the impact of the internet and digital technology on society and business. His latest book is “Ruskin Park: Sylvia, Me and the BBC”. @ruskin147

Jean-Paul Azam is a professor of economics Emeritus at the Toulouse School of Economics, University of Toulouse and a member of IAST. After publishing mainly on the macroeconomics of Africa, he has focused since the mid-1990s on explaining violent conflict and its prevention, with application to foreign aid, civil war, and transnational terrorism.

Diane Coyle is the Bennett Professor of Public Policy at the University of Cambridge. Diane co-directs the Bennett Institute where she heads research under the themes of progress and productivity. Her latest book is ‘Cogs and Monsters: What Economics Is, and What It Should Be’ on how economics needs to change to keep pace with the twenty-first century and the digital economy. @DianeCoyle1859

Andy Westwood is Professor of Government Practice at the University of Manchester and a Director of the ESRC funded Productivity Institute. He has worked as an expert adviser to the EU, OECD and IMF, as well as a specialist adviser to the Select Committees on Economic Affai
Plunge into the thrilling world of application security with Kyle Hankins, a seasoned expert in the field. In a riveting conversation, Kyle delves into the intricate dance between red team offense and blue team defense strategies, unraveling how they shape the backbone of robust app security. But here's where it gets even more fascinating – AI's emerging role in this high-stakes domain. With AI being a hotly debated topic in both application and network security, Kyle sheds light on its potential pitfalls and promises. Join us for this deep dive with Kyle Hankins, where we peel back the layers of this complex, ever-evolving landscape.

0:00 Intro
1:09 Kyle's background
6:28 Differences in security testing
8:11 Mobile app testing and SAST
13:02 SAST vs DAST
19:33 Culture change in infosec
21:06 Shifting to the left
23:44 Security and AI
29:25 Reducing time to the X
36:25 AI to estimate more accurate time to fix
39:42 Faster detection rates
40:47 The good and bad with AI predictions
55:22 AI without metacognition and laziness
1:04:28 OWASP LLM Top 10
1:05:53 White House executive order on AI
1:09:26 Speaking like an LLM
1:14:24 Reducing dwell time
1:19:24 SAST and LLMs
1:22:57 Threat modeling and IAST
1:38:58 Non-determinism and static rules
1:44:56 Outro
Rory Cellan-Jones (host) talks to Ingela Alger (IAST) and Flavio Toxvaerd (University of Cambridge) about the drivers of research silos, the merits of conducting interdisciplinary research and how to overcome disciplinary divides. This episode takes a look at why academic research is trapped in research silos. Ingela Alger and Flavio Toxvaerd engage in a thoughtful discussion with Rory Cellan-Jones, to shed light on the challenges faced in conducting interdisciplinary research. They emphasize the significant benefits that interdisciplinarity can bring and share insight into how to foster interdisciplinary research culture for improved results.

Listen to this episode on your preferred podcast platform

Season 3 Episode 2 transcript

For more information about the podcast and the work of the institutes, visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/

Tweet us with your thoughts at @BennettInst and @IASToulouse.

With thanks to:
Audio production - Steve Hankey
Associate production - Stella Erker
Visuals - Tiffany Naylor

More information about our host and guests:

Rory Cellan-Jones was a technology correspondent for the BBC. His 40 years in journalism have seen him take a particular interest in the impact of the internet and digital technology on society and business. He has also written multiple books, including his latest “Always On” which was published in 2021. @ruskin147

Ingela Alger is a CNRS Senior Scientist (DR) in Economics, and the current Director of the Institute for Advanced Study in Toulouse (IAST) as well as the Chair of the Department in Social and Behavioral Sciences. Her research, which has been published in international peer-reviewed journals such as the American Economic Review, Econometrica, and PNAS, focuses on the evolutionary foundations of human preferences, when these are transmitted from generation to generation and are subject to selection. @ingelaalger

Flavio Toxvaerd is a Professor of Economics and Public Policy at the Faculty of Economics, University of Cambridge, a Fellow of Clare College and an Affiliated Researcher with the Bennett Institute for Public Policy. He serves as UKRI Policy Fellow in Competition and Productivity Economics with the Competition and Markets Authority. His research and teaching interests are in microeconomics and game theory with applications, including industrial organisation, competition policy and economic epidemiology. @toxvaerd1

If you enjoyed this podcast then check out:
Crossing Channels S2E5 featuring Sarah Dillon and Manvir Singh: Why are Stories important for society.
Jeff Williams of Contrast Security joins Chris and Robert on the Application Security Podcast to discuss runtime security, emphasizing the significance of Interactive Application Security Testing (IAST) in the modern DevOps landscape. After reflecting on the history of OWASP, the conversation turns to the challenges organizations face in managing their application security (AppSec) backlogs. Jeff highlights the alarming number of unresolved issues that often pile up, emphasizing the inefficiencies of traditional security tools.

Jeff champions IAST, and here are a few highlights that he shares. IAST is ideally suited for DevOps by seamlessly transforming regular test cases into security tests. IAST can provide instant feedback, leading to a Mean Time To Repair (MTTR) of just three days across numerous applications. Unlike Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST), which can take hours or even days, IAST can complete security testing during the build, fitting within the tight SLAs of modern pipelines.

IAST offers developers comprehensive insights, which aids in a better understanding and quicker resolution of the identified issues. It is also adaptable, as IAST can detect vulnerabilities before they are exploited. Jeff argues that IAST's ability to work with existing test cases and provide rapid feedback makes it a perfect fit for the fast-paced DevOps environment.

Jeff emphasizes that while runtime security can be a game-changer, it doesn't replace other essential aspects of AppSec programs, such as training. In conclusion, Jeff Williams champions IAST as a revolutionary tool in the application security domain. Its adaptability, efficiency, and depth of insights make it a must-have in the toolkit of modern developers and security professionals.

Links:
Jeff on LinkedIn: https://www.linkedin.com/in/planetlevel/
Java Observability Toolkit (JOT): https://github.com/planetlevel/jot
Identified by John Wilander: https://www.amazon.com/IDENTIFIED-hacker-thriller-headlines-newspapers/dp/B09NRF399J
Venture in Security article about circle stickers: https://ventureinsecurity.net/p/solving-the-circle-sticker-problem

FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!
Leading experts, Sam Gilbert (Bennett Institute), César Hidalgo (IAST) and Jeni Tennison (Bennett Institute) talk to podcast host Rory Cellan-Jones (former technology correspondent for the BBC) about the latest developments of emerging forms of technologies, their opportunities and harms, and what policymakers can do to mitigate the associated risks. This episode unpacks the most recent advancements of generative artificial intelligence and the metaverse, their policy implications, and the role of policymaking and legislation in this sphere. Our guests highlight the need for deliberative and participatory governance structures to facilitate the development and use of new technologies.

Season 2 Episode 8 transcript

For more information about the Crossing Channels podcast series and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr

Tweet us with your thoughts at @BennettInst and @IASToulouse.

Audio production by Steve Hankey
Associate production by Stella Erker
Visuals by Thomas Devaud

More about our guests:

Rory Cellan-Jones is a former technology correspondent for the BBC. His 40 years in journalism saw him take a particular interest in the impact of the internet and digital technology on society and business. He has written multiple books, including his latest, Always On, which was published in 2021. @ruskin147

Sam Gilbert is an entrepreneur and an Affiliated Researcher at the Bennett Institute, working at the intersection of politics and technology. He is the author of the book Good Data and recent policy briefs on the Online Safety Bill, and Crypto, Web3 and the Metaverse. @samgilb

César Hidalgo leads the Center for Collective Learning at the Artificial and Natural Intelligence Institute (ANITI) of the University of Toulouse. He is an Associate Member at IAST, Toulouse School of Economics, an Honorary Professor at the University of Manchester, a Visiting Professor at Harvard's School of Engineering and Applied Sciences, and a founder of Datawheel. César is author of Why Information Grows (Basic Books, 2015), The Atlas of Economic Complexity (MIT Press, 2014), and How Humans Judge Machines (MIT Press, 2021). @cesifoti

Jeni Tennison OBE is the founder and Executive Director of Connected by data, an initiative that aims to put community at the heart of data narratives, practices and policies. Jeni is also the co-chair of the Data Governance Working Group at the Global Partnership on AI, and undertakes work as an Affiliated Researcher at the Bennett Institute for Public Policy and a Shuttleworth Foundation Fellow. @JeniT
Nikki: I have to start with an article you wrote a couple of years ago, about how we explain and provide context around vulnerabilities. I love the analogy of a 'vulnerability recipe' and how we can step through an explanation of vulnerabilities. Can you talk a little bit about the process and what compelled you to explore this topic?

Nikki: I saw you spoke to Ron Ross recently, we had him on the show last year talking about cyber resiliency and of course software supply chain. Can you talk a little bit about security assurance and what that means to both developers and security practitioners?

Chris: You've been a leader in the AppSec space for some time, particularly focusing on capabilities and tooling such as IAST. For folks not familiar with IAST, can you explain what it is and the value it adds over say SAST and DAST?

Chris: I know you and I have exchanged messages and comments about Software Supply Chain Security and SBOM. What are your thoughts about where we're headed on this front as an industry?

Chris: With the release of the National Cyber Strategy yesterday I of course have to ask your initial thoughts. First more broadly, about the overall sentiment of the strategy and also about specific areas, such as increased requirements on software vendors and technology providers to produce secure products and the potential for increased liability.

Nikki: It looks like you had a pretty lengthy time with OWASP - can you talk about some of the work you did there and the work that OWASP does? I think people typically equate OWASP with the OWASP top ten, but there are so many free resources and tools available for developers and security professionals.

Chris: Given your past involvement of a decade with OWASP in its early growth, any thoughts on the recent open letter we saw sent to the OWASP leadership?

Nikki: Can you talk a little bit more about Contrast Security and the type of work you all do? Would like to hear more about what the company has going on and anything else you may have coming up.

Chris: Continuing on with Contrast, I am interested in the founder's journey a bit. Contrast has been around for nearly a decade and is now up to several hundreds of employees. What has that journey been like and what are some of the major ways the industry has, or hasn't changed during that time?
We all want to make sure that our applications are secure. Since, unfortunately, not all of us are application security experts, the use of application security tools is indispensable. But anyone getting started with the topic quickly runs into many abbreviations such as SCA, SAST, DAST or IAST. In this episode we explain the most important categories of security tools and discuss their purpose as well as their advantages and disadvantages. How secure are your applications? Feel free to let us know.

Want to do something nice for us? Buy us a coffee: www.buymeacoffee.com/todocast

Links:
Blog post on Shift Security Left: https://medium.com/@cloud_tips/shift-left-security-devops-db57618dbb4d
Free for Open Source Application Security Tools: https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools
Malte on Twitter: https://twitter.com/MalteLantin
Robin-Manuel on Twitter: https://twitter.com/robinmanuelt
Feedback and suggestions: todopodcast@outlook.com
Rory Cellan-Jones and leading experts Maria Kleshnina, Daniel Nettle and Amy Orben discuss the drivers of cooperation and how online and offline environments are impacting human behaviour. This podcast unpacks the facilitators and inhibitors of cooperative behaviours to tackle wicked problems and the impact of our environment on cooperation. Our guests from the University of Cambridge, Institute for Advanced Study in Toulouse, and École Normale Supérieure-PSL, explore how megatrends, such as digitalisation and inequality, impact cooperation and the policy levers needed to achieve positive societal change.

This episode is hosted by Rory Cellan-Jones (former technology correspondent for the BBC), and features Maria Kleshnina (IAST), Daniel Nettle (L'École normale supérieure - PSL) and Amy Orben (University of Cambridge).

Listen to this episode on your preferred podcast platform

Season 2 Episode 6 transcript

For more information about the podcast and the work of the institutes, visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/

Tweet us with your thoughts at @BennettInst and @IASToulouse.

Audio production by Steve Hankey
Associate production by Stella Erker
Visuals by Thomas Devaud

More information about our guests:

Dr Maria Kleshnina is a postdoctoral research fellow at the IAST. Her research focuses on behavioural aspects in evolutionary game theory. She is interested in the evolution of behavioural strategies and learning, especially, in the presence of inequality. Before joining IAST, she was a member of the research group of Krishnendu Chatterjee at the Institute of Science and Technology Austria and a visiting researcher in the Behavioral Economics group at the Institute for Advanced Studies in Vienna.

Professor Daniel Nettle is a researcher in the Evolution and Social Cognition team at the École Normale Supérieure-PSL, Professor of Behavioural Science at Newcastle University and a member of the scientific committee at the IAST. His research focuses on a number of different topics relating to behaviour, cognition, society and health.

Dr Amy Orben is a Programme Leader Track Scientist at the MRC (Medical Research Council) Cognition and Brain Sciences Unit, University of Cambridge and a Research Fellow at Emmanuel College, University of Cambridge. She leads the Digital Mental Health programme at the MRC Cognition and Brain Sciences Unit. Amy's research uses large-scale data to examine how digital technologies affect adolescent psychological wellbeing and mental health. @OrbenAmy
Ahimsa (Sanskrit: अहिंसा, IAST: ahiṃsā, Pali: avihiṃsā) is an ancient Indian principle of conduct and action whose first requirement is causing no harm: non-injury, non-violence. It is a key virtue in Hinduism, Buddhism and Jainism. The word derives from the Sanskrit root hiṃs, "to strike"; hiṃsā means "to cause harm", "destruction". A-hiṃsā is the negation, that is, "not to cause harm". Ahimsa is defined as conduct that leads to a reduction of evil in the world, directed against evil itself and not against the people who commit it (absence of hatred). Ahimsa consists in refraining from causing harm (killing, violence) to all living things (people, animals) by deed, word and thought. The principle of ahimsa acquired particular importance in Indian religious thought from the middle of the 1st millennium BCE, when representatives of new movements, the Ajivikas and then Jainism and Buddhism, spoke out against the Vedic practice of ritual sacrifice involving the slaughter of animals. By the 3rd century BCE the concept of ahimsa had become so central to Indian culture that King Ashoka, in his attempt to unify all the faiths, devoted the first two of his rock edicts to it.

Ahimsa in different religious systems

It is widespread as a vow in many Eastern spiritual schools, such as Buddhism, Jainism, Hinduism and yoga.

Jainism

In Jainism the doctrine and practice of ahimsa are developed most deeply. For Jains it is the fundamental vow from which all the others follow. The idea that all of nature is animate determines the all-encompassing scope of the principle of not harming living things. For practitioners, ahimsa is expressed not only in dietary restrictions, such as a strictly vegetarian diet, but in other forms as well. Not only fishing but even tilling the land may be regarded as an impermissible occupation that harms living things. Some of the most zealous Jains wear special cloths over the mouth to prevent living creatures from accidentally entering it, and move about sweeping the path in front of them with a small broom so as not to step on a living creature by accident. The paramount importance of ahimsa is expressed in the fact that it is regarded as the basis of all vows: being subject to the passions is seen as violence (himsa) against the soul of the one who experiences them; ahimsa also becomes the criterion of truth for any teaching: any doctrine that permits violation of this first principle for any reason is declared a "teaching of the unworthy".

Buddhism

Buddhism contributed to the moral development of Indian society. It was Buddhism (and another religion of shramana origin, Jainism) that first proclaimed the principle of ahimsa, non-violence and not causing harm to living beings, which was later adopted by Hinduism. This merit of Buddhism was also recognized by Hindu Brahmanical orthodoxy: having deified the Buddha as the ninth avatar (incarnation) of the god Vishnu, the Brahmins defined his mission as the preaching of compassion for living beings and the prohibition of the ritual practice of animal sacrifice. The Cunda Sutta (AN 10.176) lists the 10 principal negative karmas (unwholesome actions from which one should refrain). The first negative karma: the destruction of life, cruelty, bloodthirstiness, violence, beatings, mercilessness toward living beings.

❤️ You can say thanks and sign up for a satsang here: ➡️ https://daniel-che.xyz/donate/
Rory Cellan-Jones and leading experts Charlotte Cavaillé, Ailbhe McNabola and Jack Shaw discuss the causes of income and regional inequality, why policymakers should care, and what policy interventions work best to reduce them.

Guests discuss recent trends in income and regional inequality, and evaluate the effectiveness of different policy approaches. They debate the opportunities and challenges of (de)centralisation, what works best to revive ‘left behind’ places, and whether the assumptions built into the Levelling Up White Paper will deliver to reduce inequalities.

This episode is hosted by Rory Cellan-Jones (former technology correspondent for the BBC), and features guest experts Professor Charlotte Cavaillé (Ford School of Public Policy, University of Michigan and IAST), Ailbhe McNabola (Bennett Institute for Public Policy and Power to Change) and Jack Shaw (Bennett Institute for Public Policy).

Season 2 Episode 3 transcript

For more information about the podcast and the work of the institutes, visit our websites at https://www.bennettinstitute.cam.ac.uk/ and https://www.iast.fr/.

Tweet us with your thoughts at @BennettInst and @IASToulouse.

Audio production by Steve Hankey.
Associate production by Stella Erker.
Visuals by Thomas Devaud.

Relevant links and publications
Shaw, J., Garling, O. and Kenny, M. (2022). Townscapes: Pride in Place. The Bennett Institute, https://www.bennettinstitute.cam.ac.uk/publications/pride-in-place/
Charlotte Cavaillé (forthcoming). Fair Enough? Support for Redistribution in the Age of Inequality, https://charlottecavaille.wordpress.com/book-project/

More information about our guests:

Professor Charlotte Cavaillé is a visiting Research Fellow at the IAST and an Assistant Professor at the Ford School of Public Policy at the University of Michigan. Her research examines the dynamics of popular attitudes towards redistributive social policies at a time of rising inequality, high fiscal stress and high levels of immigration. In her forthcoming book, Fair Enough? Support for Redistribution in the Age of Inequality, Charlotte proposes a new framework to explain why, in countries where inequality has increased the most, voters are not asking for more income redistribution.

Ailbhe McNabola is an Affiliated Researcher at the Bennett Institute for Public Policy and Director of Policy and Communications at Power to Change, a charitable trust that supports communities to run businesses that reinvest profits into their local area. She is also Co-Chair of the Social Research Association, a membership organisation that promotes excellence in social research, and a CAPE Policy Fellow. Her career has encompassed management consultancy in the financial services and public sectors, and the commissioning and production of research, evaluation and policy analysis reports for a range of UK government bodies.

Jack Shaw is an Affiliated Researcher at the Bennett Institute for Public Policy and recently co-authored a report on pride in place with Professor Michael Kenny and Owen Garling, also at the Bennett Institute. His background is in local government and economic development and he currently works at the Institute for Public Policy and Research.

Rory Cellan-Jones is a former technology correspondent for the BBC. His 40 years in journalism saw him take a particular interest in the impact of the internet and digital technology on society and business
An Untraditional Approach to DevSecOps & The Future of Application Security Testing

In this episode of Agent of Influence, Nabil is joined by Larry Maccherone, DevSecOps Transformation Architect at Contrast Security. They explore Larry's untraditional definition of DevSecOps, application security testing tools like IAST, SAST, and DAST, and the future of application security testing.
Hello, and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to try to balance the impossible equation of better, faster, and cheaper. As always, please follow us on LinkedIn, and subscribe if you have not already done so.

Shigeo Shingo, who lived from 1909-1990, helped to improve efficiency at Toyota by teaching thousands of engineers the Toyota Production System, and even influenced the creation of Kaizen. He wrote, "There are four purposes for improvement: easier, better, faster, cheaper. These four goals appear in order of priority."

Satya Nadella, the CEO of Microsoft, stated that, “Every company is a software company. You have to start thinking and operating like a digital company. It's no longer just about procuring one solution and deploying one solution… It's really you yourself thinking of your own future as a digital company, building out what we refer to as systems of intelligence.”

The first time I heard this I didn't really fully understand it. But after reflection it makes a ton of sense. For example, let's say your company couldn't send email. How much would that hurt the business? What if your company couldn't use Salesforce to look up customer information? How might that impact future sales? What if your core financial systems had database integrity issues? Any of these examples would greatly impact most businesses. So, getting high-quality software applications that enable the business is a huge win.

If every company is a software or digital company, then the CISO has a rare opportunity. That is, we can create one of the largest competitive advantages for our businesses. What if we could create an organization that builds software cheaper, faster, and better than all of our competitors? Sounds good, right?
That is the focus of today's show, and we are going to teach you how to excel in creating a world class organization through a focused program in Secure Software Development.

Now if you like the sound of better, faster, cheaper, as most executives do, you might be thinking, where can I buy that? Let's start at the back and work our way forward. We can make our software development costs cheaper by increasing productivity from developers. We can make our software development practices faster by increasing convenience and reducing waste. We can make our software better by increasing security.

Let's first look at increasing productivity. To increase productivity, we need to understand the Resistance Pyramid. If you know how to change people and the culture within an organization, then you can significantly increase your productivity. However, people and culture are difficult to change, and different people require different management approaches.

At the bottom of the pyramid are people who are unknowing. These individuals don't know what to do. You can think of the interns in your company. They just got to your company, but don't understand what practices and processes to follow. If you want to change the interns, then you need to communicate what is best practice and what is expected from their performance. Utilize an inquiry approach to decrease fear of not knowing, for example, "do you know to whom I should speak about such-and-such?" or "do you know how we do such-and-such here?" An answer of "no" allows you to inform them of the missing knowledge in a conversational rather than a directional manner.

The middle part of the pyramid is people who believe they are unable to adapt to change. These are individuals that don't know how to do the task at hand. Here, communications are important, but also skills training. Compare your team members here to an unskilled labor force -- they're willing to work but need an education to move forward.
If you give them that, then the unskilled can become skilled. However, if you never invest in them, then you will not increase your company's productivity and lower your costs.

At the top of the resistance pyramid are the people who are unwilling. These individuals don't want to change. We might call these folks the curmudgeons that say we tried it before, and it doesn't work. Or I'm too old to learn that. If you want to change these individuals and the culture of an organization, then you need to create motivation.

As leaders, our focus to stimulate change will be to focus on communicating, educating, and motivating. The first thing that we need to communicate is the Why. Why is Secure Software Development important? The answer is money. There are a variety of studies that have found that when software vulnerabilities get detected in the early development processes, they are cheaper to address than when they are detected later, in the production phases. Research from the Ponemon Institute in 2017 found that the average cost to address a defect in the development phase was $80, in the build phase was $240, in the QA/Test Phase was $960, and in the Production phase was $7,600. Think of that difference. $80 is about 1% of $7,600.

So if a developer finds bugs in the development code then they don't just save their time, they save the time of a second developer who doesn't have to do a failed code review, they save the time of an infrastructure engineer who has to put the failed code on a server, they save the time of another tester who has to create regression tests which fail, they save the time of a wasted change approval board on a failed release, and they save the customer representatives' time who will respond to customers when the software is detected as having issues. As you see there's a lot of time to be saved by increasing productivity, as well as a 99% cost savings for what has to be done anyway. Saving their own time is something that will directly appeal to every development team member.
To do this we need to do something called Shift Left Testing. The term shift left refers to finding vulnerabilities earlier in development. To properly shift left we need to create two secure software development programs.

The first program needs to focus on the processes that an organization needs to follow to build software the right way. This is something you have to build in house. For example, think about how you want software to create a network diagram that architects can look at in your organization. Think about the proper way to register an application into a Configuration Management Database so that there is a POC who can answer questions when an application is down. Think about how a developer needs to get a DNS entry created for new websites. Think about how someone needs to get a website into the various security scanning tools that your organization requires (SAST, DAST, Vuln Management, Container Scanning, etc.). Think about how developers should retire servers at the end of life. These practices are unique to your company. They may require a help desk ticket to make something happen or, if you don't have a ticketing system, an email.

We need to document all of these in one place where they can be communicated to the staff members who will be following the processes. Then our employee has a checklist of activities they can follow. Remember, if it's not in the checklist, then it won't get done. If it doesn't get done, then bad security outcomes are more likely to happen. So, work with your architects and security gurus to document all of the required practices for Secure Software Development in your company. You can place this knowledge into a Wikipedia article, a SharePoint site, a Confluence Page, or some kind of website. Make sure to communicate this frequently. For example, have the CIO or CISO share it at the IT All Hands meeting. Send it out in monthly newsletters. Refer to it in security discussions and architecture review boards.
The more it's communicated, the more unknowing employees will hear about it and change their behavior.

The second program that you should consider building is a secure code training platform. You can think of things such as Secure Code Warrior, HackEDU (now known as Security Journey), or Checkmarx Code Bashing. These secure code training solutions are usually bought by organizations instead of being created in-house. They teach developers how to write more secure code. For example, "How do I write JavaScript code that validates user input, sanitizes database queries, and avoids risky program calls that could create vulnerabilities in an application?" If developers gain an education in secure programming, then they are less likely to introduce vulnerabilities into their code. Make these types of training programs available to every developer in your company.

Lastly, we need to find a way to motivate the curmudgeons. One way to do that is the following: Let's say you pick one secure coding platform and create an initial launch. The first two hundred people in the organization that pass the secure developer training get a one-time bonus of $200. This perk might get a lot of people interested in the platform. You might even get 10-20% of your organization taking the training in the first quarter of the program. The second quarter your organization announces that during performance reviews anyone who passed the secure software training will be viewed more favorably than their peers. Guess what? You will see more and more people taking the training class. Perhaps you see that 50% of your developer population becomes certified. Then the following year you say since so many developers are now certified, to achieve the rank of Senior Developer within the organization, it is now expected to pass this training. It becomes something HR folks look for during promotion panels.
This gradual approach to move the ball in training can work and has been proven to increase the secure developer knowledge base. Here's a pro tip: Be sure to create some kind of badges or digital certificates that employees can share. You might even hand out stickers upon completion that developers can proudly place on their laptops. Simple things like this can increase visibility. They can also motivate people you didn't think would change.

Now that we have increased productivity from the two development programs (building software the right way and a secure code training platform), it's time to increase convenience and reduce waste. Do you know what developers hate? Well, other than last-minute change requests. They hate inefficiencies. Imagine if you get a vulnerability that says you have a bug on line 242 in your code. So you go to the code, and find there really isn't a bug, it's just a false positive in the tool. This false bug detection really, well, bugs developers.

So, when your organization picks a new SAST, DAST, or IAST tool, be sure to test the true and false positive rates of the tool. One way to do this is to run the tools you are considering against the OWASP Benchmark. (We have a link to the OWASP Benchmark in our show notes.) The OWASP Benchmark allows companies to test tools against a deliberately vulnerable website with vulnerable code. In reality, testing tools find both good code and bad code. These results should be compared against the ground truth data to determine how many true/false positives were found. For example, if the tool you choose has a 90% True Positive Rate and a 90% False Positive Rate then that means the tool pretty much reports everything is vulnerable. This means valuable developer time is wasted and they will hate the tool despite its value. If the tool has a 50% True Positive Rate and a 50% False Positive Rate, then the tool is essentially reporting randomly.
Once again, this results in lost developer confidence in the tool. You really want tools that have high True Positive Rates and low False Positive Rates. Optimize accordingly.

Another developer inefficiency is the number of tools developers need to leverage. If a developer has to log into multiple tools such as Checkmarx for SAST findings, Qualys for Vulnerability Management findings, Web Inspect for DAST findings, Prisma for Container findings, and Truffle Hog for Secrets scanning, it becomes a burden. If ten systems require two minutes of logging in and setup each, that's twenty minutes of unproductive time. Multiply that time by the number of developers in your organization and you can see just how much time is lost by your team just to get set up to perform security checks.

Let's provide convenience and make development faster. We can do that by centralizing the security scanning results into one tool. We recommend putting all the security findings into a Source Code Repository such as GitHub or GitLab. This allows a developer to log into GitHub every day and see code scanning vulnerabilities, dependency vulnerabilities, and secret findings in one place. This means that they are more likely to make those fixes since they actually see them. You can provide this type of view to developers by buying tools such as GitHub Advanced Security. Now this won't provide all of your security tools in one place by itself. You still might need to show container or cloud findings which are not in GitHub Advanced Security. But this is where you can leverage your Source Code Repository's native CI/CD tooling. GitHub has Actions and GitLab has Runners. With this CI/CD function developers don't need to go to Jenkins and other security tools. They can use GitHub Actions to integrate Container and Cloud findings from a tool like Prisma. This means that developers have even fewer tools from a CI/CD perspective, as well as less logging into security tools. Therefore, convenience improves.
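The tool-evaluation step described above (running candidate scanners against OWASP Benchmark ground truth and comparing true and false positive rates) can be scripted. The following is an added example, not code from the show or from the OWASP project: the expected-results rows and the three tool reports are constructed, the CSV layout (test name, category, real vulnerability, CWE) and the CWE-matching rule are assumptions of the example, and TPR minus FPR is used as its summary score.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed ground truth: 8 SQL injection and 8 XSS test cases, half of each
# genuinely vulnerable. The column layout is an assumption of this example.
EXPECTED_CSV = """\
# test name,category,real vulnerability,cwe
BenchmarkTest00001,sqli,true,89
BenchmarkTest00002,sqli,true,89
BenchmarkTest00003,sqli,true,89
BenchmarkTest00004,sqli,true,89
BenchmarkTest00005,sqli,false,89
BenchmarkTest00006,sqli,false,89
BenchmarkTest00007,sqli,false,89
BenchmarkTest00008,sqli,false,89
BenchmarkTest00009,xss,true,79
BenchmarkTest00010,xss,true,79
BenchmarkTest00011,xss,true,79
BenchmarkTest00012,xss,true,79
BenchmarkTest00013,xss,false,79
BenchmarkTest00014,xss,false,79
BenchmarkTest00015,xss,false,79
BenchmarkTest00016,xss,false,79
"""


def load_expected(text):
    """Parse ground truth into {test name: (category, is_vulnerable, cwe)}."""
    truth = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue  # skip blank lines and the header comment
        name, category, real, cwe = (cell.strip() for cell in row[:4])
        truth[name] = (category, real.lower() == "true", int(cwe))
    return truth


def report(cwe, numbers):
    """Build a constructed tool report: the (test name, CWE) pairs it flagged."""
    return {(f"BenchmarkTest{n:05d}", cwe) for n in numbers}


def rates(c):
    """Turn a confusion-matrix Counter into TPR, FPR and score = TPR - FPR."""
    positives = c["tp"] + c["fn"]  # test cases that really are vulnerable
    negatives = c["fp"] + c["tn"]  # test cases that are safe
    tpr = c["tp"] / positives if positives else None
    fpr = c["fp"] / negatives if negatives else None
    score = None if tpr is None or fpr is None else tpr - fpr
    return {"tpr": tpr, "fpr": fpr, "score": score}


def scorecard(truth, findings):
    """Compare findings with ground truth, per category and pooled overall."""
    per_category = defaultdict(Counter)
    for name, (category, vulnerable, cwe) in truth.items():
        # Assumption: a finding counts only if its CWE matches the test case.
        flagged = (name, cwe) in findings
        if vulnerable:
            per_category[category]["tp" if flagged else "fn"] += 1
        else:
            per_category[category]["fp" if flagged else "tn"] += 1
    total = Counter()
    for counts in per_category.values():
        total.update(counts)
    card = {cat: rates(counts) for cat, counts in per_category.items()}
    card["overall"] = rates(total)
    return card


# Three constructed tool reports: one flags every test case, one flags half of
# the vulnerable and half of the safe cases, one is mostly right.
FLAG_EVERYTHING = report(89, range(1, 9)) | report(79, range(9, 17))
COIN_FLIP = report(89, [1, 2, 5, 6]) | report(79, [9, 10, 13, 14])
USEFUL = report(89, [1, 2, 3, 4, 5]) | report(79, [9, 10, 11])

if __name__ == "__main__":
    truth = load_expected(EXPECTED_CSV)
    for label, findings in [("flag everything", FLAG_EVERYTHING),
                            ("coin flip", COIN_FLIP), ("useful", USEFUL)]:
        for scope, r in scorecard(truth, findings).items():
            print(f"{label:16} {scope:8} TPR={r['tpr']:.0%} "
                  f"FPR={r['fpr']:.0%} score={r['score']:+.2f}")
```

The tool that flags everything and the coin-flip tool both score zero, which is why a high True Positive Rate on its own says nothing about whether developers will trust the findings.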
Now look at it from a longer perspective. If we get all of our developers integrating with these tools in one place, then we can look in our GitHub repositories to determine what vulnerabilities a new software release will introduce. This could be reviewed at the Change Approval Board. You could also fast track developers who are coding securely. If a developer has zero findings observed in GitHub, then that code can be auto approved for the Change Approval. However, if you have high/critical findings then you need manager approvals first. These approvals can be codified using GitHub code scanning, which has subsumed the tool Looks Good To Me (LGTM), which stopped accepting new user sign-ups last week (31 August 2022). This process can be streamlined into DevSecOps pipelines that improve speed and convenience when folks can skip change approval meetings.

Another key way we can make software faster is by performing value stream mapping exercises. Here's an example of how that reduces waste. Let's say from the time Nessus finds a vulnerability there are actually fifteen steps that need to occur within an organization to fix the vulnerability. For example, the vulnerability needs to be assigned to the right team, the team needs to look at the vulnerability to confirm it's a legitimate finding, a patch needs to be available, a patch needs to be tested, a change window needs to be available, etc. Each of these fifteen steps takes time and often requires different handoffs between teams. These activities often mean that things sit in queues. This can result in waste and inefficiencies. Have your team meet with the various stakeholders and identify two time durations. One is the best-case time for how long something should go through in an optimal process. The second is the average time it takes things to go through in the current process.
At the end of it you might see that the optimal case is that it takes twenty days to complete the fifteen activities whereas the average case takes ninety days. This insight can show you where you are inefficient. You can identify ways to speed up from ninety to twenty days. If you can do this faster, then developer time is gained. Now, developers don't have to wait for things to happen. Making it convenient and less wasteful through value stream mapping exercises allows your teams to deploy faster, patch faster, and perform faster.

OK, last but not least is making software better by increasing security. At the end of the day, there are many software activities that we do which provide zero value to the business. For example, patching operating systems on servers does not increase sales. What makes the sales team sell more products? The answer is more features on a website such as product recommendations, more analysis of the data to better target consumers, and more recommendations from the reporting to identify better widgets to sell. Now, I know you are thinking, did CISO Tradecraft just say to not patch your operating systems? No, we did not. We are saying patching operating systems is not a value-add exercise.

Here's what we do recommend. Ask every development team to identify what ike patching. Systems that have a plethora of maintenance activities are wasteful and should be shortlisted for replacement. You know the ones: solutions still running via on-premises VMware software, software needing monthly Java patching, and software where, if the wind blows the wrong way, you have an unknown error. These systems are ripe for replacement. It can also be a compelling sell to executives. For example, imagine going to the CIO and CEO of Acme corporation. You highlight that the Acme app is run by a staff of ten developers who, fully loaded, cost us about $250K each.
Therefore, developing, debugging, and maintaining that app costs our organization roughly $2,500,000 in developer time alone plus hosting fees. You have analyzed this application and found that roughly 80% of the time, or $2,000,000, is spent on maintenance activities such as patching. You believe if the team were to rewrite the application in a modern programming language using a serverless technology approach the team could lower maintenance activities from 80% to 30%. This means that the maintenance costs would decrease from $2 million to $750K each year. Therefore, you can build a financial case that leadership fund a $1.25 million initiative to rewrite the application in a more supportable language and environment, which will pay for itself at the end of the second year. (No, I didn't get my math wrong -- don't forget that you're still paying the old costs while developing the new system.)

Now if you just did a lift and shift to AWS and ran the servers on EC2 or ECS, then you still have to patch the instance operating systems, middleware, and software -- all of which is a non-value add. This means that you won't reduce the maintenance activities from 80% to 30%. Don't waste developer time on these expensive transition activities; you're not going to come out ahead.

Now let's instead look at how to make that maintenance go away by switching to a serverless approach. Imagine if the organization rewrote the VMware application to run on either a third-party hosted SaaS platform such as Salesforce or Office 365, or a serverless AWS application consisting of Amazon S3 buckets to handle front-end code, an Amazon API Gateway to make REST API calls to endpoints, AWS Lambda to run code to retrieve information from a database, and DynamoDB to store the application's data. This new software shift to a serverless architecture means you no longer have to worry about patching operating systems or middleware.
It also means developers don't spend time fixing misconfigurations and vulnerabilities at the operating system or middleware level. This means you made the software more secure and gave the developers more time to write new software features which can impact the business profitability. This serverless approach truly is better and more secure. There's a great story from Capital One you can look up in our show notes that discusses how they moved from EC2 servers to Lambda for their Credit Offers Application Interface. The executive summary states that the switch to serverless resulted in 70% performance gains, 90% cost savings, and increased team velocity by 30% since time was not spent patching, fixing, and taking care of servers. Capital One uses this newfound developer time to innovate, create, and expand on business requirements. So, if you want to make cheaper, faster, and better software, then focus on reducing maintenance activities that don't add value to the business.

Let's recap. World class CISOs create a world class software development organization. They do this by focusing on cheaper, faster, and better software. To perform this function CISOs increase productivity from developers by creating documentation that teaches developers how to build software the right way as well as creating a training program that promotes secure coding practices. World Class CISOs increase the convenience to developers by bringing high-confidence vulnerability lists to developers, which means time savings in not weeding out false positives. Developers live in Source Code Repositories such as GitHub or GitLab, not the ten different software security tools that security organizations police. World Class CISOs remove waste by performing value stream exercises to lean out processes and make it easier for developers to be more efficient.
Finally, World Class CISOs make software better by changing the legacy architecture with expensive maintenance activities to something that is a winnable game. These CISOs partner with the business to focus on finding systems that, when re-architected to become serverless, increase performance gains, promote cost savings, and increase developer velocity.

We appreciate your time listening to today's episode. If this sparks a new idea in your head, please write it down, share it on LinkedIn and tag CISO Tradecraft in the comment. We would love to see how you are taking these cyber lessons into your organization to make better software for all of us. Thanks again for listening to CISO Tradecraft. This is G. Mark Hardy, and until next time, stay safe out there.

References
https://www.sixsigmadaily.com/who-was-shigeo-shingo-and-why-is-he-important-to-process-improvement/
https://news.microsoft.com/speeches/satya-nadella-and-chris-capossela-envision-2016/
Galpin, T.J. (1996). The Human Side of Change: A Practical Guide to Organization Redesign. Jossey-Bass.
https://www.businesscoaching.co.uk/news/blog/how-to-break-down-barriers-to-change
Ponemon Institute and IBM. (2017). The State of Vulnerability Management in the Cloud and On-Premises.
https://www.bmc.com/blogs/what-is-shift-left-shift-left-testing-explained/
https://www.securecodewarrior.com/
https://www.securityjourney.com/
https://checkmarx.com/product/codebashing-secure-code-training/
https://owasp.org/www-project-benchmark/
https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
https://medium.com/capital-one-tech/a-serverless-and-go-journey-credit-offers-api-74ef1f9fde7f
Vajrakilaya and his mantra are important in our modern world — since Vajrakilaya is the activity of all the Buddhas. He is the wrathful Heruka emanation of glorious Buddha Vajrasattva. At the same time, he is the ultimate expression of Bodhichitta and compassion and love.

Listen or chant along with the Sanskrit version of his mantra — famous for accomplishing the Enlightened activities and overcoming our obstacles, chanted beautifully by Hrishikesh Sonar.

Om Vajra Kili Kilaya Sarva Vighnam Vam Hum Pey

CREDITS
Original music, singing and arrangement by Hrishikesh Sonar

The literal translation of the mantra
Although mantras can't be broken down by word translation — ideally, listen to full commentaries from teachers on the deeper meanings — for helpful reference, we have translated the Sanskrit mantra somewhat literally here.

Om Vajra Kili Kilaya Sarva Vighnam Vam Hum Pey

Vajra
Vajra, in Sanskrit, has both the meanings of “thunderbolt” and “diamond.” Like the thunderbolt, the vajra cleaves through ignorance. It also connotes “swift” or “instant.”

Kili
Kila: in Sanskrit कील; IAST: kīla, for a three-sided peg, stake, or knife. Kili is associated with Quick Activity, Quick Action, Strength — as in the small three-cornered tent peg that can secure a tent against the worst weather. But also “staking” quickly or pegging instantly.

Kilaya
VajraKilaya is the name of the great One, in this a form of Vajrakila (which means Thunderbolt quickly “Spike” or nail down — as in transfixing our obstructions to Enlightenment).

Sarva
Sarva (सर्व), Sanskrit: refers to “(the attainment of) everything”.

Vighnam
Noun. विघ्न (vighna) m. A breaker, destroyer; an obstacle, impediment, hindrance, opposition, prevention, interruption, any difficulty or trouble.

Vam
(Bam in Tibetan) Vam is the seed syllable of Vajrakilaya — although Hum is also considered his ultimate seed syllable (Dharmakaya seed syllable). Vam is the bija, or seed, sound of the sacral chakra.
When chanting the mantra, vam, the power of the sound vibrations is believed to cleanse this chakra, which is the energy center of creativity.

Hum
Hum connotes “method and wisdom” or “Compassion and comprehension of Shunyata”.

Pey (Phet, Phat)
Note: this is a phonetic spelling. It is a slightly aspirated sound like P-Hey (with a soft “tuh” sound at the end); it is hard to pronounce, so most people chant “pey!”
Pey means “cutting through” or “cut!” — as in cutting all obstacles to success, siddhis and Enlightenment.

Typically, online you'll find this mantra chanted in the Tibetan version:
OM BENZA KILI KILIYA SARWA BIGHANEN BAM HUNG PHAT
The Good Morning Football Podcast begins with a look at which players could make the biggest improvement this season. Hosts Peter Schrager, Kyle Brandt, Super Bowl champion Michael Robinson and Will Selva explain why they think players like Trevor Lawrence, CeeDee Lamb, Mac Jones and Jalen Hurts will make the biggest jump. Next, Kyle runs through his top-5 fullbacks of all time and then Peter leads “mixed bag trivia” where he asks questions about the Green Bay Packers all-time leading receiver and the defensive player with the most Super Bowl rings. Later, the GMFB crew is joined by Minnesota Vikings linebacker Janarius Robinson and he talks about his return after missing last season, and then he shares what it's like having Kevin O'Connell as the head coach. The show finishes up being joined by Dallas Cowboys DT Osa Odighizuwa and he talks about his activity on Twitter and then makes a pitch to the fans on why the Cowboys will be good this year. See omnystudio.com/listener for privacy information.
This podcast looks at the psychological quirks of humankind, what effects our bad decisions have on the society we live in, and how policy might best steer us towards better outcomes.

Rory Cellan-Jones talks to Dr Bence Bago - Research Fellow at the Institute for Advanced Study in Toulouse, and Professor Dame Theresa Marteau – the Director of the Behaviour and Health Research Unit at the University of Cambridge and co-chair of The Lancet Chatham House Commission on improving health post Covid-19.

They draw on their research to explore what defines a ‘bad decision’, what causes us to make them, the effects of the Covid-19 pandemic on governments' and citizens' decision-making, the role of social media in misinformation processing, what we can do to prevent ourselves from making bad decisions, and what governments can do to improve matters.

Listen to this episode on your preferred podcast platform.
Episode 9 transcript
For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr. Tweet us with your thoughts at @BennettInst and @IASToulouse.
Audio production by Steve Hankey
Podcast editing by Annabel Manley

More about our guests
Professor Dame Theresa Marteau is Director of the Behaviour and Health Research Unit at the University of Cambridge. Her research focuses on the development and evaluation of interventions to change behaviour (principally food, tobacco and alcohol consumption) to improve population and planetary health and reduce health inequalities, with a particular focus on targeting non-conscious processes. She co-chairs the Lancet-Chatham House Commission on improving population health post-COVID-19, and participated in the UK government's Scientific Advisory Group for Emergencies (SAGE), responding to Covid-19.
She is also one of the members of the management board of the Bennett Institute for Public Policy.

Dr Bence Bago is a research fellow at the IAST, with an academic background in cognitive psychology. His research interests are in the interplay between intuitive and analytical processes in human decision-making, including applications in truth discernment when exposed to misinformation.

Rory Cellan-Jones was a technology correspondent for the BBC. His 40 years in journalism have seen him take a particular interest in the impact of the internet and digital technology on society and business. He has also written multiple books, including his latest “Always On” which was published in 2021.
This episode looks at what we expect from our leaders, how that's changed over time, and whether democratic leaders are particularly prone to disappointing us. This episode is hosted by Rory Cellan-Jones, and features experts Dr Roberto Foa, Assistant Professor in Politics and Public Policy at the University of Cambridge, and Dr Zachary Garfield, Research Fellow at the Institute for Advanced Study in Toulouse.

Listen to this episode on your preferred podcast platform.
Episode 8 transcript
For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr. Tweet us with your thoughts at @BennettInst and @IASToulouse.
Audio production by Steve Hankey.
Podcast editing by Annabel Manley

More about our guests
Dr Roberto Foa
Roberto Stefan Foa is Assistant Professor in Politics and Public Policy at the University of Cambridge, Co-Director of the Cambridge Centre for the Future of Democracy, and Director of the YouGov-Cambridge Centre for Public Opinion Research. His research examines the quality of government, regimes, and comparative social indicators, and is frequently cited in academic and media debates.

Dr Zachary Garfield
Zachary Garfield is a Research Fellow at the IAST. He studied as an evolutionary anthropologist with research interests in the evolution of human leadership and the nature of social and political hierarchies across human societies. He is also the co-director of the Omo Valley Research Project which is working to create a large scale dataset from the various ethnolinguistic groups within the Omo Valley region of Ethiopia.
This podcast looks at why some people think we need policies for happiness and what those might mean. Leading experts discuss how to define and measure happiness, the drivers of happiness in different countries and societies, and what we know about what works and what doesn't in terms of policy solutions and interventions.

This episode is hosted by Rory Cellan-Jones, and features experts Anna Alexandrova, Professor in Philosophy of Science at the University of Cambridge and a Fellow of King's College Cambridge, and Dr Jonathan Stieglitz, Associate Professor of Anthropology at IAST and the University of Toulouse 1 Capitole.

Listen to this episode on your preferred podcast platform.
Episode 7 transcript
For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr/. Tweet us with your thoughts at @BennettInst and @IASToulouse.
Audio production by Steve Hankey.
Podcast editing by Annabel Manley

More information about our guests:
Professor Anna Alexandrova
Anna Alexandrova is a Professor in Philosophy of Science at the University of Cambridge and a Fellow of King's College Cambridge. She researches how formal tools such as models and indicators enable scientists to navigate complex phenomena tinged with ethical and political dimensions. Her book A Philosophy for the Science of Wellbeing came out with Oxford University Press in 2017 and won the 2022 Gittler Book Prize of the American Philosophical Association. She previously taught at the University of Missouri St Louis and completed her PhD at the University of California San Diego. She was born and brought up in the southern Russian city of Krasnodar.

Dr Jonathan Stieglitz
Dr Jonathan Stieglitz is an Associate Professor of Anthropology at IAST and the University of Toulouse 1 Capitole.
His main research interest is studying the health and well-being of individuals in small-scale subsistence societies, in part to gain broader insights into how humans may have lived in the past. He is Co-Director of the Tsimane Health and Life History Project, a longitudinal study of the evolution of the human life course; the project began in 2002 and currently focuses on better understanding the development of certain non-communicable diseases among two native South American populations - the Tsimane and Moseten of Bolivia.
This special edition of Crossing Channels was organised in response to the invasion of Ukraine that began in February 2022. It covers how the Ukrainian people, policymakers, and government have responded during the first ten days of the war, its geopolitical context and implications, and the scale of the information war taking place, within both Ukraine and Russia. This episode is hosted by Rory Cellan-Jones, and features expert guests Nataliia Shapoval from the Kyiv School of Economics, Horacio Larreguy from the IAST, and Ayse Zarakol from the University of Cambridge.

Listen to this episode on your preferred podcast platform.
Episode 6 transcript
For more information about the conflict, the BBC is running a live webpage with up-to-date coverage of the war here: https://www.bbc.co.uk/news/live/world-europe-60532634
The Kyiv School of Economics has on its website a summary of ways you can support it and Ukraine during the crisis: https://kse.ua/. This includes their lecture marathon to enhance Ukrainian intellectual sovereignty, along with ways to donate and apply political pressure.
For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr/. Tweet us with your thoughts at @BennettInst and @IASToulouse.
Audio production by Steve Hankey.
Podcast editing by Annabel Manley

More information about our guests:
Nataliia Shapoval is the Vice President for Policy Research and Director of the Center of Excellence in Procurement at the Kyiv School of Economics in Ukraine. She worked on policy research projects on public health's cost and resource allocation, and on youth unemployment in Ukraine and Europe. She is also a member of the Editorial Board of Vox Ukraine, and a contributor to the Ukraine reform monitoring project of the Carnegie Endowment for International Peace.

Ayse Zarakol is a Professor of International Relations at the University of Cambridge.
Her research interests are at the intersection of historical sociology and international relations, focussing on East-West relations. She is the author of two books, her first being After Defeat: How the East Learned to Live with the West (2011) which covers the integration of defeated non-Western powers into the international system. Her second, Before the West: The Rise and Fall of Eastern World Orders, which looks at an alternative global history for international relations focussed on (Eur)asia, was released in March 2022. This book is available for purchase here: https://tinyurl.com/2p9xddxp Horacio Larreguy is an Associate Professor of Economics and Political Science at the Instituto Tecnologico Autonomo de Mexico (ITAM), and is currently a visiting researcher at the Toulouse School of Economics and IAST. His research interests are in political accountability and voting behaviour, including the importance of information for political accountability. More recently, he has worked on projects on misinformation and the Covid-19 infodemic.
The UK is currently one of the most regionally unequal countries in the developed world. The government's White Paper on Levelling Up sets out 12 “missions” to increase economic opportunities across all regions. The UK is far from the first country to try and “level up” regional areas. Countries including France, Germany and China are also making efforts to tackle similar regional inequalities.

But just how easy is it to tackle regional economic imbalances for levelling up to work? Rory Cellan-Jones talks to Sylvain Chabé-Ferret from the Institute for Advanced Study in Toulouse, and Professor Michael Kenny and Dame Fiona Reynolds from the Bennett Institute for Public Policy about just how far public policies can really go to address regional inequalities.

Listen to this episode on your preferred podcast platform including Spotify and Apple Podcasts.
Episode 5 transcript
The Crossing Channels podcast series is produced by the Bennett Institute for Public Policy and IAST. Tweet us with your thoughts at @BennettInst and @IASToulouse #CrossingChannels
Audio production by Steve Hankey.
Podcast editing by Annabel Manley

More about our guests:
Professor Michael Kenny is the inaugural director of the Bennett Institute for Public Policy, and leads its Policy and Engagement programme on ‘Place’. He is leading research projects on left-behind communities, social infrastructure and devolution, and is writing a book about the UK's constitutional future.

Dame Fiona Reynolds DBE is the Chair of the Management Board for the Bennett Institute, chair of the National Audit Office and Chair of the Governing Council of the Royal Agricultural University.

Dr Sylvain Chabé-Ferret is Assistant Professor at the Toulouse School of Economics, Research Fellow at Inrae and member of the Institute for Advanced Studies in Toulouse. He specialises in the econometrics of causal inference with applications to the evaluation of Payments for Environmental Services and of Job Training Programs.
Sylvain has also set The Social Science Knowledge Accumulation Initiative (SKY), which aims to summarise evidence in social science, mainly via meta-analyses.www.bennettinstitute.cam.ac.ukwww.iast.fr
This episode discusses the potential of digital technologies to change infrastructure priorities in developing countries. Experts from the Bennett Institute for Public Policy, Cambridge, and the Institute for Advanced Study in Toulouse (IAST) consider what counts as infrastructure, whether 'leapfrogging' is a useful term, emerging digital divides, and the impact of foreign (particularly American and Chinese) tech giants in this space. This fourth episode in the Crossing Channels podcast series is hosted by Rory Cellan-Jones, and features guest experts Dr Stephanie Diepeveen (Bennett Institute), Professor Stéphane Straub (IAST), and Dr Rehema Msulwa (Bennett Institute). Listen on your preferred podcast platform including Spotify and Apple podcasts. Episode 4 transcript. The Crossing Channels podcast series is produced by the Bennett Institute for Public Policy and IAST. Tweet us with your thoughts at @BennettInst and @IASToulouse #CrossingChannels. Audio production by Steve Hankey. Podcast editing by Annabel Manley. More about our guests: Dr Stephanie Diepeveen is a research associate at the Bennett Institute for Public Policy, as well as a research fellow at Overseas Development Institute. Her research focuses on digitalisation and politics. She recently published the book, "Searching for a New Kenya: Politics and Social Media on the Streets of Mombasa", which investigates the democratic value of street-based and online public debates. Dr Rehema Msulwa is a Research Associate at the Bennett Institute for Public Policy. Her research is on the intersection of policy and the design and delivery of capital-intensive infrastructure projects. She has engaged and worked with government bodies, research institutes and consultancies in several countries, including the UK, India, Nigeria, and South Africa. Stéphane Straub is Professor of Economics at the Toulouse School of Economics, where he is the head of the Behaviour, Institutions and Development group.
He works on issues of infrastructure, procurement, and more generally institutional development in the context of developing countries. He has held academic positions in the US, the UK and France, has been a lead Economist with the Sustainable Development Practice Group at the World Bank in Washington DC (2016-17), and is a consultant for several international institutions such as the World Bank, the Inter-American Development Bank, the European Union, and the Asian Development Bank among others. He is currently president of the European Development Network (EUDN).
You know that famous web scanner you love? Well, it may not test EVERYTHING you need. But that is no reason to get rid of it; join us for our take on dynamic security testing.
Weapons and more weapons... fighting a war takes a lot of weapons. In this episode we talk about a true arsenal of tools for implementing AppSec without spending a cent, as well as enterprise tools for those who want to invest seriously in AppSec.
Hope versus fear in artificial intelligence. In this third episode of Crossing Channels, experts from the Bennett Institute for Public Policy, Cambridge, and the Institute for Advanced Study in Toulouse (IAST), discuss the ethics of artificial intelligence (AI), including why we need to care about it, who is responsible for it, and whether there's a double standard for AI and humans. Host Rory Cellan-Jones talks to Dr Jean-Francois Bonnefon and Professor Daniel Chen from IAST, and Professor Diane Coyle from the Bennett Institute. Listen on Spotify and Apple Podcasts. Episode 3 transcript. For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk and www.iast.fr/. Tweet us your thoughts at @BennettInst and @IASToulouse. Audio production by Steve Hankey. Podcast editing by Annabel Manley. More about our guests: Dr Jean-Francois Bonnefon is the Scientific Director at the Institute for Advanced Study in Toulouse (IAST), and a Research Director for the French National Centre for Scientific Research (CNRS). He is also the President of the European Commission expert group on the ethics of driverless mobility, Head of the Artificial Intelligence and Society programme of the Toulouse School of Economics Digital Center, and Chair of Moral AI at the Artificial and Natural Intelligence Toulouse Institute. His research interests are decision-making and moral preferences, and the applications of this in the ethics of self-driving cars and other intelligent machines. Professor Daniel Chen is a Senior Fellow at the Institute for Advanced Study in Toulouse, a Professor at the Toulouse School of Economics, and a Director of Research at the French National Centre for Scientific Research (CNRS). His research interests include AI and the Rule of Law, with an overarching focus on normative commitments and the justice system.
He is also Lead Principal Investigator for the World Bank DE JURE (Data and Evidence for Justice Reform) programme, which aims to update how legitimacy and equality in the justice system are measured and interpreted. Professor Diane Coyle is the Bennett Professor of Public Policy at the University of Cambridge. She co-directs the Bennett Institute for Public Policy where she heads research under the themes of progress and productivity. Diane is also a Director of The Productivity Institute, a Fellow of the Office for National Statistics, an expert adviser to the National Infrastructure Commission, and Senior Independent Member of the ESRC Council. Her research interests cover economic statistics, the digital economy, competition policy and digital markets, and the economics of new technologies. Rory Cellan-Jones (host) is a former technology correspondent for the BBC. His 40 years in journalism saw him take a particular interest in the impact of the internet and digital technology on society and business. He has written multiple books, including his latest “Always On” which was published in 2021.
This episode tackles the issue of running government in the modern age. Topics include how public perceptions of the government have changed, why there are so many civil service reforms, and what governments learn during crises. This episode is hosted by Rory Cellan-Jones, and features expert guests Dennis Grube, Mohamed Saleh, and Catherine Haddon. For more information about the podcast and the work of the institutes, visit our websites at www.bennettinstitute.cam.ac.uk, and www.iast.fr/. Tweet us with your thoughts at @BennettInst and @IASToulouse. Audio production by Steve Hankey. Podcast editing by Annabel Manley. More information about our guests: Dennis Grube has been a researcher on Politics and Public Policy at the University since 2016, and was previously an Associate Professor and Principal Research Fellow with the Institute for the Study of Social Change at the University of Tasmania. His research interests are around political decision-making, the role of civil servants in that and how that then passes through to institutional memory. Mohamed Saleh is a Professor of Economics at the Toulouse School of Economics, and a member of the IAST. His research interests are in economic history, and the economic history of the Middle East and North Africa in particular. Catherine Haddon is the resident historian at the Institute for Government. Catherine also leads the Institute's work on changes of government, ministers and the workings of the constitution, and heads the Institute's professional development programme of ministers and opposition parties.
Crossing Channels is the new podcast series produced by the Bennett Institute for Public Policy and Institute for Advanced Study to give interdisciplinary answers to today's big questions. Experts from both research centres will discuss different approaches to explore complex challenges and offer policy solutions. This first teaser episode hosted by Rory Cellan-Jones with co-director of the Bennett Institute and Bennett Professor, Diane Coyle, and Professor of Economics at the Toulouse School of Economics, former Director of the Institute for Advanced Study in Toulouse, and a Visiting Fellow of All Souls College, University of Oxford, Paul Seabright, discusses the thinking behind the Crossing Channels podcast series and the debates listeners can look forward to joining. Subscribe to the Crossing Channels podcast feed, download each episode at the start of the month, tweet us your thoughts at @BennettInst and @IASToulouse, and read more about our research at bennettinstitute.cam.ac.uk and iast.fr. This episode is produced by Steve Hankey (audio) & Annabel Manley.
Chris begins his team-by-team Film Room Scouting Report and Roster Analysis of the Big 12. Today he breaks down Oklahoma, Texas, Iowa State and TCU along with taking stock of where the league stands at this point and what they are trying to accomplish with other league partnerships. He also takes your questions and covers all the latest news, notes and analysis around the Big 12 and National College Football.
Application security testing ... top tips to achieve more SASTisfaction from your tooling. References: YouTube Channel: AppSecEngineer; YouTube Channel: we45; OSSF Scorecard. Please visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up). Guest Speakers: Florin Coada: I've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA). Over the years, I became more interested in SAST, and I am currently working as a product manager in this space. One of my areas of personal interest is how we enable developers to become more independent and get security teams to trust them more. I'm always up for a talk about security, gaming and a combination of both. https://www.linkedin.com/in/florincoada/ Abhay Bhargav: Abhay is the CEO of we45, a focused Application Security company. He's a renowned application security expert and a leader in the domain of DevSecOps. Abhay brings with him a rich experience with working on complex security engagements, from penetration testing to security architecture reviews to compliance consulting. https://www.linkedin.com/in/abhaybhargav/ Your Hosts: Michael Man: https://www.linkedin.com/in/mman/ Glenn Wilson: https://www.linkedin.com/in/glennwilson/ DevSecOps - London Gathering: Keep in touch with our events associated with this podcast. https://www.meetup.com/DevSecOps-London-Gathering/ https://twitter.com/DevSecOps_LG https://www.youtube.com/c/DevSecOpsLondonGathering
“Shift Left, But Not Too Left”: A Conversation on AppSec and Development Trends. In this episode of Agent of Influence, Nabil speaks with Maty Siman, founder and CTO at Checkmarx. Hear Maty share the Checkmarx origin story and discuss application security and development trends, how to manage open-source software risks, the concept of shift left, challenges of API security, the future of IAST, static analysis best practices, and biking in the Israeli desert.
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS), the OWASP Top Ten and much more. Without him and others we would not be doing this podcast today. Besides founding Contrast Security in 2014, he started Aspect Security in 2002. Jeff got his law degree at Georgetown University Law Center along with a computer science and psychology degree at the University of Virginia. In the early 1990s, he built high assurance systems for the U.S. Navy and taught the INFOSEC curriculum for the NSA during the good old days of the Orange Book - a trusted computer system evaluation criteria for the U.S. Department of Defense. We want to say thank you to Contrast Security for being one of our sponsors for the inaugural OWASP Pacific Northwest Application Security Conference 2021. Jeff's Links: Contrast Security; LinkedIn; Twitter; Security Magazine Article - New NIST Standards on IAST and RASP Deliver State-of-the-Art AppSec; WebGoat; ASVS; BlackHat USA - Enterprise Java Rootkits - "Hardly anyone watches the developers". PNWSEC: https://pnwcon.com Twitter: @pnwseccon pnwseccon@gmail.com (contact). Jeff Williams was interviewed by David Quisenberry and John L. Whiteman. Follow us: Homepage, Twitter, Meetup, LinkedIn, YouTube. Support the show (https://owasp.org/supporters/)
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another discussion on Application Security, DevSecOps and AppScan. This episode has guest panellist Ran Klein bringing us up to speed with IAST and correlation prospects. The team also discuss AppScan news, ransomware updates and growing babies in pods.
❤️ Support the channel ➡️ daniel-che.ru/donate/ Come and visit the main YouTube channel, there is more useful content there :) ➡️ www.youtube.com/c/DanielChe More than 250,000,000 people in the world practise yoga. It no longer needs an advertising campaign. Yoga is a new cultural trend, an attribute of an elite lifestyle. And a profitable business. The market is flooded with goods without which practising yoga is supposedly impossible: mats, clothing, footwear, magazines, books, films, therapeutic oils... and the yoga classes themselves. Perhaps a few decades of comfort have made us forget what yoga really is? This book was written to work out what in modern yoga is genuine and what is not, what helps and what harms. And, most importantly, why that is so. Yoga (Devanagari: योग, IAST: yoga) is a concept in Indian culture that in the broad sense denotes the totality of various spiritual, mental and physical practices developed in different branches of Hinduism and Buddhism and aimed at controlling the mental and physiological functions of the body so that the individual attains an elevated spiritual and mental state. In a narrower sense, yoga is one of the six orthodox schools (darshanas) of Hindu philosophy. The main branches of yoga are raja yoga, karma yoga, jnana yoga, bhakti yoga and hatha yoga. In the context of Hindu philosophy, yoga is understood as the system of raja yoga set out in the Yoga Sutras of Patanjali and closely tied to the fundamental principles of Samkhya. Yoga is discussed in various Hindu scriptures, such as the Vedas, the Upanishads, the Bhagavad Gita, the Hatha Yoga Pradipika, the Shiva Samhita and the Tantras. The ultimate goal of yoga can vary widely: from improving physical health to attaining moksha. Outside India the term "yoga" is often associated only with hatha yoga and its asanas (physical exercises), which does not reflect the spiritual and mental aspects of yoga. One who studies and practises yoga is called a yogi or yogin.
The main sources reflecting the development of the concept of yoga are the so-called "middle" Upanishads (dated to the 6th century BCE), the Mahabharata and the Bhagavad Gita, and the Yoga Sutras of Patanjali (2nd century BCE). In the Yoga Sutras, yoga was first set out as one of the schools (darshanas) of Hindu philosophy. This early school of yoga retrospectively became known under the retronym raja yoga, to distinguish it from other, later schools.
Vedanta (Sanskrit: वेदान्त, IAST: vedānta, "end of the Vedas") is one of the six orthodox schools (darshanas) of Hindu philosophy. In essence, Vedanta is a common name for a number of philosophical and religious traditions in Hinduism that are united by theme, subject matter and, in part, by their foundational texts and the commentaries written on them, and divided by the solutions they propose. Besides the Vedas and the Upanishads, the Vedanta Sutras of Vyasa are considered authoritative texts in all branches of Vedanta, as are the Bhagavad Gita and the Bhagavata Purana in the theistic schools. Originally this name referred to the philosophical texts attached to the Vedas: the Brahmanas, Aranyakas and Upanishads, which are explanations of and supplements to the four Vedas. Subsequently these ancient Vedic texts served as the basis for an orthodox (astika) school of Indian philosophy, which came to be called Vedanta. Vedanta is also called uttara mimamsa (Sanskrit: उत्तरमीमांसा, IAST: uttara mīmāṃsā), that is, the second, later or higher mimamsa, in contrast to another school of Indian philosophy, purva mimamsa, the first mimamsa. Purva mimamsa focuses on interpreting the meaning of the Vedic fire sacrifices and the mantras used in them, as set out in the Samhitas of the four Vedas and in the Brahmanas. Vedanta, by contrast, is mainly devoted to the philosophical interpretation of the teaching of the Aranyakas and Upanishads. The Vedanta tradition in Hinduism interpreted the Upanishads and explained their meaning. Vedanta, like the Vedic scriptures on which it is based, concentrates mainly on self-realisation: the individual's understanding of their original nature and of the nature of the Absolute Truth, in its personal aspect as Bhagavan or in its impersonal aspect as Brahman. Vedanta, understood as "ultimate knowledge" or "the end of all knowledge", is not limited to any particular text or texts, and Vedantic philosophy has no single source. Vedanta is based on unchanging, absolute, spiritual laws that are common to most of the world's religions and spiritual traditions.
Vedanta, as ultimate knowledge, leads to a state of self-realisation or cosmic consciousness. Both historically and in the modern context, Vedanta is understood as a wholly transcendent and spiritual state, not as a concept that can be grasped simply by means of the material mind. ❤️ Support the channel ➡️ https://daniel-che.ru/donate/
Sankhya, Samkhya (Sanskrit: संख्या, IAST: saṃkhyā, "enumeration") is the philosophy of Indian dualism, founded by Kapila. Two principles operate in the world: prakriti (matter) and purusha (spirit). The aim of Samkhya philosophy is the detachment of spirit from matter. The word "sankhya" is built on the root khya (ख्य), which as a verb means "it is called"; its passive form means "known", "named", and as a noun it means "view", "thought", "idea". With the prefix sam ("together") the root forms the verbal noun sankhyā, "number", "count", which means "reckoning". A sankhyaika is one who performs the reckoning. Popular Dictionary of Hinduism. E. A. Torchinov: "A distinction is usually drawn between epic and classical Samkhya. The first is reflected in the philosophical texts of the Indian epic Mahabharata (above all in the Bhagavad Gita). The second is a philosophical system worked out in detail, created by Ishvarakrishna in the first centuries CE. The main difference between these two kinds of Samkhya is that epic Samkhya is monistic and theistic (seshvaravada), regarding matter (prakriti) as a principle derived from the divine Absolute, with matter in its subtle form constituting the creative energy, or power, of God (yogamaya; maya), whereas classical Samkhya is dualistic and non-theistic (nirishvaravada): spirit (purusha) and matter (prakriti) are regarded in it as completely independent and self-standing substances, and the existence of a single absolute (in either personal or impersonal form) is denied." Friends, I have recorded part 3 of a wonderful book, now more than 100 years old, written by a certain Yogi Ramacharaka: "Religions and Secret Teachings of the East". The book is written for every Western person who is interested in the philosophy of India but who is, to put it mildly, put off by many of the things one encounters even in a superficial study of India's traditions.
Nevertheless, this is one of the best materials to help you lay a foundation of understanding, thanks to which knowledge will be systematised and received in an entirely different light. For me it was a pleasant discovery to find in this book the very conclusions that I had had to reach empirically, through much trial and error. May this work shorten your path. Om! ☀️ 00:00:00 - The Samkhya System 01:05:51 - Special Message 3 of Yogi Ramacharaka
Atma-shataka (Sanskrit: आत्माषटकम्, IAST: ātmā-śatakaṁ, "Six Stanzas on the Atman") or Nirvana-shataka (Sanskrit: निर्वाणषटकम्, IAST: nirvāṇa-śatakaṁ, "Six Stanzas on Nirvana") is a short hymn of six stanzas traditionally attributed to Shankara. In it the author identifies himself with Shiva and briefly explains the philosophy of Advaita Vedanta. The whole of this short hymn consists of denying the identification of oneself with the elements of the world, the senses and so on; in each stanza the last four words are a refrain and, in effect, give an unambiguous answer to the question "who am I?": "cidānanda-rūpah śivo'ham śivo'ham", "I abide in the form of eternal consciousness and bliss, I am Shiva, I am Shiva". Prose translation from Sanskrit: Shiv Ragini. Verse translation from Sanskrit: NN. Audio (in Sanskrit): https://youtu.be/Fi7VkSwCXnI ❤️ Support the channel ➡️ https://daniel-che.ru/donate/
The major cause of insecurity is the lack of secure software development practices. It’s crucial to understand the importance of security within the SDLC. Jim Manico is the founder of MANICODE Security where he trains software developers on secure coding and security engineering. He stops by BarCode to help us define “DevSecOps”, building an Effective CI/CD Pipeline, the differences between SAST/SCA/RASP/DAST and IAST, Security Team/Development Team Cohesion, what most organizations GET WRONG with implementing DevSecOps, cloud involvement within the SDLC, and helpful OWASP resources. Tony the Bartender gits “Radioactive”. Support the show (https://paypal.me/thebarcodepodcast)