What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stron ...
Selena Larson on e-crime matching nation state hackers; Disinfo before the Supreme Court
44:14
When studying cyberoperations, it’s easy to become enamored with state-backed hackers. Russian and Chinese operations have done much to shape our understanding of how power is exercised online, but it’s not clear that the intense attention dedicated to such operations is well-placed. Amid the current epidemic of ransomware, criminal hacking groups …
Protecting teens against sextortion; threats to election workers
35:16
The proliferation of artificial intelligence is exposing teens to a new online threat: AI-generated sexual imagery. Heather Barnhart is a fellow at the SANS Institute and a digital forensic expert, and on this episode of Safe Mode she sits down with host Elias Groll to discuss how teenagers and their families can protect themselves against the scou…
Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX
18:11
The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation …
Keeping Ukraine’s grid up and running amid war; Snowflake customers under attack
30:42
Following Russia’s full-scale invasion of Ukraine, the Ukrainian power grid has come under sustained attack by Russian forces, and keeping it up and running has been a significant challenge. One of the major issues Ukrainian energy officials have had to confront is the way in which Russian electronic warfare systems have disrupted GPS, which is a k…
A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?
20:03
Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the OpenSSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leader…
Josh Harguess on AI red-teaming; an Israeli info op targets the U.S.
36:46
To address AI risks, policymakers and technologists around the world have embraced the concept of AI red-teaming — the adversarial testing of AI models. But AI red-teaming is such a new concept that few people know how to conduct such tests. The discipline of AI red-teaming very much remains under development, but as AI systems are rolled out far a…
OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security
14:58
Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain…
Joe Sullivan on his legal battle with the feds; the latest on Russian influence operations
47:17
Joe Sullivan on his legal battle with the feds; the latest on Russian influence operations by Safe Mode Podcast
Omkhar Arasaratnam on open source security; AI dogfighting
36:16
In recent weeks, a series of troubling operations targeting open source software libraries have been uncovered in which bad actors — likely tied to nation states — have attempted to use social engineering to be designated as maintainers of security critical libraries. Operations such as these have the potential to insert backdoors in widely used so…
Eric Brewer and the Future of Open Source Security
16:09
In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about …
The FBI’s Brett Leatherman on LockBitSupp’s unmasking; a spyware reckoning in Poland
33:21
In recent years, the persona known as LockbitSupp has emerged as a notorious figure in the cybercrime underground. The primary administrator of the LockBit ransomware, LockbitSupp has become fantastically wealthy operating the world’s most prolific ransomware. Last week, the FBI and a coalition of international law enforcement agencies unmasked Loc…
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security
17:29
In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of…
Stefan Soesanto on Ukrainian hack and leak ops; cyberattack in Georgia
41:57
When Russia invaded Ukraine in February of 2022, it was immediately apparent that the conflict would in part be waged in cyberspace. As Russian tanks rolled into Ukraine, Russian forces also launched a cyberattack against satellite modems that impacted the Ukrainian military’s ability to communicate. Since then, Russian cyberattacks have been a reg…
Christoph Kern and the Challenge of Keeping Google Secure
20:50
In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security. 00:42 - Christoph offers a rundown of his duties at Google 01:3…
Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack
49:55
At last August’s DEF CON computer security conference, more than 2,000 people tried their hands at breaking some of the world’s most advanced AI models. That event was the largest-ever public red-teaming event of large language models, and since then policymakers are continuing to look to red-teaming as a key tool in responsibly deploying AI system…
Sayash Kapoor on AI risk; Federal agencies affected by Russian breach of Microsoft
43:36
Amid the endless hype about AI — how it will either revolutionize the world or end it as we know it — Sayash Kapoor is a rare voice of reason. A PhD candidate at Princeton University and a researcher at the Center for Information Technology and Policy, he is also the author of the newsletter AI Snake Oil, an essential resource to understand AI, its…
Vincent Danen and the Art of Vulnerability Management
18:36
Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating…
Dave Aitel on ‘secure by design’; CISA’s rules for cyber incident reporting
46:03
In order to deliver major improvement in the security of the digital systems we all rely on, the Biden administration has embarked on a major initiative known as secure by design. That initiative aims to build more secure hardware and software by prioritizing security in the design process and asks developers to rethink how they approach building p…
Byron Tau on data brokers; US sanctions, indicts Chinese hackers
43:42
Journalist Byron Tau sits down with host Elias Groll to discuss his eye-opening book about commercially available data. CyberScoop reporter Derek B. Johnson joins the show to discuss recent indictments and sanctions targeting Chinese hackers accused of surveilling politicians and dissidents. By Safe Mode Podcast
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a…
Sherrod DeGrippo on APT groups experimenting with AI
40:30
When ChatGPT debuted in the fall of 2022, it set the internet ablaze and opened many people’s eyes to the capabilities of a new generation of machine learning technology. It also caught the attention of some of the world’s most sophisticated hackers. For the companies developing leading edge AI models, preventing hackers from misusing them now repr…
Kiersten Todt on the cybersecurity policy landscape; AI training for election officials
39:39
Kiersten Todt has worked on just about every hot-button cybersecurity issue you can imagine. Currently the CEO of Liberty Group Ventures, her most recent role in government was as the chief of staff at the Cybersecurity and Infrastructure Security Agency. As a Senate staffer, she drafted key parts of the legislation that created the Department of H…
David Haber breaks down the AI security industry; ALPHV snarls U.S. health care
47:39
Every day, AI models are being deployed in new places, and that is creating demand for a new industry: companies that secure AI systems. Whether it’s preventing models from being used to write malicious code or creating spearphishing emails or keeping safe the data that companies are using to train AI systems, large language models raise a host of …
Robert M. Lee on critical infrastructure attacks; and is LockBit back?
44:59
In recent months, U.S. security officials have issued a series of dire warnings about the hacking threat to American critical infrastructure. According to a chorus of intelligence officials, Chinese hacking groups have infiltrated U.S. critical infrastructure entities like ports and power grids, prepositioning themselves in the event of a conflict.…
LockBit’s very bad day; Adam Meyers on Israel-Gaza cyber ops
35:46
When Hamas fighters crossed into Israel on Oct. 7, killing some 1,200 Israelis and kidnapping hundreds more, it marked a new era of the conflict between Israel and an array of militant groups. Most of that conflict has played out in the form of brutal, bloody fighting, but it has also taken place online in the form of cyber operations. Adam Meyers,…
Legal aid for hackers; Big Tech wants action on commercial spyware
33:14
Whether you call it hacking or legitimate security research, getting computers to do things that they shouldn’t is an activity that exists in a legal gray area. Sometimes, hackers acting in good faith will find themselves on the other end of a cease-and-desist letter, a lawsuit, or even a prosecution. A new initiative called the Security Research L…
How the Pentagon is embracing AI; election officials’ concerns going into 2024
45:50
Everyone seems to agree that AI is going to revolutionize warfare, but exactly how is very much up for debate. Jack Shanahan has worked at the center of the U.S. military’s attempt to integrate AI into how wars are fought. In 2020, he retired as a Lieutenant General from the U.S. Air Force after a 36-year career. He was the inaugural director of th…
Craig Newmark on why he’s funding cybersecurity projects
37:47
Founded in 1995, Craigslist helped shape the modern web as we know it today, reshaping online economies and how people bought and sold goods. Today, its founder Craig Newmark is perhaps better known for his philanthropy than the classifieds site he founded. Newmark’s philanthropy spans issues of cybersecurity, technology and journalism, and he join…
Threats to elections in 2024 and a deepfake in New Hampshire
44:18
In the year 2024, elections will take place around the world affecting some 4 billion people — an election year unlike any other. Besides the United States, voters will go to the polls in the European Union, the United Kingdom, India, Mexico and Indonesia, just to name a few. The next time we’ll see this many elections in one year will be in 2048. …
How do you prevent a political campaign from getting hacked?
42:58
The upcoming year will feature an unprecedented number of democratic elections. In addition to the United States’s pivotal federal elections, countries that collectively make up more than half of the world’s populations will head to the polls. These elections are taking place against the backdrop of pervasive security vulnerabilities and come on th…
Looking back at 2023 with the NSA’s Rob Joyce and Morgan Adamski
52:09
In our first episode of the year, we begin by looking back at 2023. The NSA’s Rob Joyce and Morgan Adamski sit down with host Elias Groll to examine the major cybersecurity trends of the year, the evolution of Russian hacking operations, how China is targeting U.S. critical infrastructure and how AI is changing the cybersecurity business. FedScoop …
Major breaches, the government’s AI push and UFOs: Scoop reporters on 2023’s biggest stories
51:08
In our final episode of the year, host Elias Groll sits down with reporters from CyberScoop, FedScoop and Defense Scoop to discuss the biggest stories of the year. Christian Vasquez and AJ Vicens join the show to talk through the biggest breaches of the year and how the cybersecurity landscape changed in 2023. Madison Alder and Rebecca Heilweil com…
Five years of Distributed Denial of Secrets and a dangerous automotive vulnerability
1:02:32
It was WikiLeaks that pioneered the publishing and hosting of sensitive information, and while Julian Assange’s whistleblowing project has withered away, groups like Distributed Denial of Secrets are carrying on the work of trying to make public interest material more widely available — and to do so more responsibly. Emma Best is the founder of DDO…
Iranian attacks on U.S. water systems and the data broker economy
46:07
To be a person in the world today is to have your data collected. Whether it’s your internet browsing history, your location history as you walk around with your phone in your pocket, or the purchases you make online, there are few human activities today that aren’t in one way or another tracked. So what happens with all that data once it’s collected…
Supercomputers for AI and the proliferation of commercial spyware
30:32
A growing industry exists today that provides governments with highly advanced tools to surveil their opponents. While this industry has become personified by Israel’s NSO Group, it in fact goes far beyond this one firm. The commercial spyware industry is growing rapidly, posing major human rights concerns and exposing dissidents, journalists and m…
A deep dive on cyberpsychology and a look at autonomy in the U.S. military
45:49
Just as behavioral psychology revolutionized economics by integrating human behavior into the study of financial decisions — creating the field of behavioral economics — the study of cyberpsychology tries to put the human being at the center of conversations about cybersecurity. Dr. Mary Aiken is one of its foremost practitioners and also happens t…
Russian cyberattack cut power in Ukraine, Michigan secretary of state talks election security
35:44
Russia’s cyberattacks against Ukraine’s electrical grid occupy a canonical place in the history of cyber warfare. By turning out the lights in Ukraine in 2016 and 2017, Russia demonstrated the reach of digital weapons. Now researchers have revealed that Moscow’s hackers struck the Ukrainian grid in 2022. CyberScoop reporters AJ Vicens and Christian…
Biden’s AI executive order and a CIA veteran on North Korean cyber ops
58:37
President Joe Biden’s sprawling executive order on artificial intelligence has finally arrived. The sprawling document contains a long list of new requirements. Leading AI companies have to report training runs and the results of red team tests. A slew of agencies are tasked with developing new standards and rules to address AI risks. And a long li…
The “new elite” shaping coverage of Israel and Gaza
41:03
Over the past 15 years, Twitter — now X — has become pivotal to how we understand crises. From the Arab Spring to Russia’s invasion of Ukraine and, now, the conflict between Israel and Hamas, X is the first platform to which many people turn to understand and report on rapidly unfolding events. Elon Musk’s acquisition of the platform has fundamental…
Inside the FBI’s DDOS investigations with Special Agent Elliott Peterson
36:51
Distributed denial of service attacks are one of the great nuisances of online life today, but they can also have more serious impact on the internet, disrupting access to crucial services and information at critical moments. FBI Special Agent Elliott Peterson is one of the bureau’s most seasoned investigators of the networks responsible for launch…
Perri Adams on DARPA’s AI cyber challenge and Israeli cyber operations
38:57
Cybersecurity firms have pioneered the use of artificial intelligence in their products, but the latest generation of AI technology offers hope that a greater share of the work to secure computer systems could be automated. A new competition at the Defense Advanced Projects Research Agency aims to jump start efforts to build open source AI tools to…
GOP presidential candidate Will Hurd on cyber, AI and China
47:14
When Will Hurd served in the House of Representatives he quickly made a name for himself as one of the Congress’s leading voices on cybersecurity. The Texas Republican helped pass a series of key technology modernization bills and gained a reputation as a sensible bipartisan dealmaker. A former CIA operations officer, Hurd was once billed as the fu…
Journalist Kashmir Hill on facial recognition and the underage hackers hitting Vegas
41:02
When journalist Kashmir Hill first revealed the facial recognition technology built by Clearview AI it served as a wake up call for what a group of renegade technologists with few ethical foibles could do to society. By amassing a huge trove of facial images and training an algorithm on that data, Clearview built a product with an unprecedented abi…
Venture capital landscape for cybersecurity startups and how Elon Musk broke X's privacy protections
30:58
A slowing U.S. economy has taken a brutal toll on cybersecurity companies. A deteriorating economic environment has resulted in cutbacks in security spending, rising interest rates have placed pressure on venture-backed start-ups and many cybersecurity firms have conducted lay-offs. On this episode of Safe Mode, Roger Thornton, a cybersecurity-focu…
Ten years of I Am the Cavalry, a Microsoft mystery revealed and Trickbot sanctions
42:36
Josh Corman and Beau Woods, the founders of I Am the Cavalry, join CyberScoop Senior Editor to discuss the ten-year anniversary of their grassroots hacking group and their efforts to address the crisis in computer security. CyberScoop reporter AJ Vicens joins the podcast to talk about sanctions against the Trickbot hacking gang. And a mystery will …
Big ideas for solving the cyber skills gap, hacking AI and furries at DEF CON
41:57
It’s been called the cybersecurity poverty line. Many organizations just don’t have the money to afford a skilled cybersecurity team to protect themselves from hackers. But there’s a movement afoot to change that dynamic through cybersecurity clinics that can support organizations in need. The Center for Long-Term Cybersecurity at the University of…
Live from Black Hat: Juan Andres Guerrero-Saade on Microsoft’s recent cybersecurity problems
56:04
A string of breaches involving Microsoft infrastructure has left many within the security community frustrated with the company’s approach to securing its systems. CyberScoop Senior Editor Elias Groll sat down at the Black Hat security conference in Las Vegas with Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne, to discuss …
Former National Cyber Director Chris Inglis from Black Hat in Las Vegas
51:08
Chris Inglis led the Office of the National Cyber Director until February of this year and helped steer national policy on some of the most pressing national security issues. He talks with CyberScoop senior editor Elias Groll from Black Hat in Las Vegas. CyberScoop reporter Tonya Riley joins the show to discuss how the White House may attempt to cu…
FBI surveillance and the fight in Washington over FISA Section 702
42:52
Sean Vitka, senior policy counsel at the tech advocacy group Demand Progress, joins the show to discuss the debate over Section 702 of the Foreign Intelligence Surveillance Act and how law enforcement can use the controversial tool to spy on Americans. CyberScoop senior editor Elias Groll talks about two big cybersecurity conferences this week in L…