Podcasts about safecode

In episode 107 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Steve Lipner, Executive Director of SAFECode. Together, they discuss how software development organizations can use principles of "secure by design" to get on a track of continuous improvement.Here are some highlights from our episode:01:38. Steve's background and thoughts on the emergence of secure by design14:04. Three guiding principles of secure software development16:13. The impact of security awareness from a developer's perspective22:22. How threat modeling helps to address security as a system problem25:37. The effect of modern software development methodologies like Agile and DevSecOps30:29. What CISA's activity around secure by design means for the industryResourcesSAFECodeSecure Software Development Framework (SSDF)Embedded IoT Security: Helping Vendors in the Design ProcessEpisode 95: AI Augmentation and Its Impact on Cyber DefenseIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

During the last several years, there has been growing concern that the development of quantum computers could undermine the public-key cryptography that is a fundamental pillar of security on the Internet. Recently, the U.S. Government's National Institute of Standards and Technology has released draft standards for post-quantum encryption algorithms that can replace the existing, and potentially vulnerable public-key encryption. But while the future of encryption will depend on new algorithms,there are many other factors that will influence security in the decades to come. In 2022, the National Academies of Sciences, Engineering, and Medicine released a report on "The Future of Encryption" that examines factors including technical aspects of cryptography, societal and policy considerations, and product engineering. The report presents a series of findings that apply broadly, and paints three alternative future scenarios for the future of encryption. This presentation, based largely on the Academies report, will provide researchers, engineers, and policy professionals with context in which to view future developments and concepts for prioritizing future actions. About the speaker:  Steve Lipner is the executive director of SAFECode, an industry nonprofit focused on software security assurance. He was previously partner director of software security at Microsoft where he was the creator and long-time leader of the Security Development Lifecycle (SDL) and was responsible for software integrity policies and government security evaluations. Steve also serves as the chair of the U.S.Government's Information Security and Privacy Advisory Board. He has more than a half century of experience in cybersecurity as researcher, engineer, and development manager and is named as coinventor on twelve U.S. patents. He is a member of the National Academy of Engineering and chaired the Academies' Committee on the Future of Encryption. Steve's CV is available at www.stevelipner.org.

Over fifty years, I've led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off. About the speaker: Steve Lipner is the executive director of SAFECode, a nonprofit focused on software assurance. He was the creator of theWindows Security Push and the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Steve has more than a half century of experience in computer and network security as a researcher, engineer, and development manager, He is chair of the United States Government's Information Security and Privacy Advisory Board, and a member of the National Academy of Engineering and the National Cybersecurity Hall of Fame.

Paul Kurtz is an internationally recognized expert on cybersecurity and the Co-Founder and Chairman of TruSTAR. Paul began working on cybersecurity at the White House in the late 1990s. He served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush. After leaving government, Paul has held numerous private sector cybersecurity positions including founding the Cyber Security Industry Alliance (Acquired by Tech America), Executive Director of SAFECode, Managing Partner of Good Harbor Consulting in Abu Dhabi, and CISO of CyberPoint International. Paul’s work in intelligence analysis, counterterrorism, and critical infrastructure protection has influenced his approach to cybersecurity. Paul believes in intelligence-centric security integration and automation. Today he spends his time consulting security leaders about how to manage their intelligence across tools. Paul believes in using machine learning to help detect, triage, investigate, and respond to events with confidence. In this OODAcast we dive into Paul's views on the cybersecurity landscape today and learn more about his approach to decision-making. We discuss a new concept he has been shepherding in the community regarding how cyber intelligence can be optimized for the benefit of any organization. We also extract lessons relevant for any leader who wants to make better, more accurate and actionable decisions in competitive environments. Additional Resources: TruSTAR: An Intelligence Management platform which helps security teams accelerate automation. Paul Kurtz OODAloop Interview: Our introduction of Paul to other OODAloop members

Hello and welcome to episode 6 of Software Security Gurus, with Matias Madou. In this interview, he chats with Steve Lipner, software security expert, and founder of SAFEcode.org. They discuss his influential book, Security Development Lifecycle, and the changes seen in the fifteen years since its release. With diversity in programming languages a key change, Steve reveals the lessons learned in this period of rapid transformation. For more information, please visit www.softwaresecuritygurus.com. --- Send in a voice message: https://anchor.fm/softwaresecuritygurus/message

For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need, which is the subject of a new series of podcasts, The Future of Cyber. In this episode, Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft, where he created Microsoft’s Security Development Lifecycle.   

Steve Lipner is the Executive Director of SAFECode, a non-profit organization dedicated to increasing trust in ICT products and services. He retired in 2015 as Partner Director of Software Security at Microsoft, where he was the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Steve Lipner is the Executive Director of SAFECode, a non-profit organization dedicated to increasing trust in ICT products and services. He retired in 2015 as Partner Director of Software Security at Microsoft, where he was the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Steve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513 Visit http://www.securityweekly.com for all the latest episodes! Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Steve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode513 Visit http://www.securityweekly.com for all the latest episodes!

If you create an application that runs on one or more computersconnected to a network such as the internet, your code will be attacked.Consequences of compromised systems often include loss of trust,reputation and revenue. Software will always have defects andvulnerabilities. Strikes against digital assets are unquestionably onthe rise. We can, however, make it substantially harder to find andexploit vulnerabilities by identifying insecure coding practices and developing secure alternatives.During this practical session, we'll examine in detail the principlesbehind some of the worst attack patterns seen today in the softwareindustry. Most importantly, we'll learn effective defense programmingtechniques every developer must employ when building software. About the speaker: Cassio Goldschmidt is senior manager of the product security team underthe Office of the CTO at Symantec Corporation. In this role he leadsefforts across the company to ensure the secure development of softwareproducts. His responsibilities include managing Symantec's internalsecure software development process, training, threat modeling andpenetration testing. Cassio's background includes over 12 years oftechnical and managerial experience in the software industry. Duringthe six years he has been with Symantec, he has helped to architect,design and develop several top selling product releases, conductednumerous security classes, and coordinated various penetration tests.Cassio represents Symantec on the SAFECode technical committee and(ISC)2 in the development of the CSSLP certification. He holds abachelor degree in computer science from Pontificia UniversidadeCatolica do Rio Grande Do Sul, a masters degree in software engineeringfrom Santa Clara University, and a masters of business administrationfrom the University of Southern California.