#48 Peter Waegemann, Security in the Medical Industry

Summary
Peter Waegemann, author of Knowledge Capital in the Digital Society, and I discuss security in the medical industry and why he advocates for less privacy.

Details
Who he is; Peter's background; overview of security in the medical field, more secure than the media suggests, less secure than it should be; Peter's views on privacy/security have changed over the years; why he was booed off stage; fear of breaches vs reality of damage done; the importance of data integrity; how privacy adversely affects outcomes; what the laws or regulations should look like; wrap up.

Download mp3 of podcast

#17 Robert Hurlbut, Software security

Summary
Robert Hurlbut and I discuss various aspects of software security.

Details
Background; why security isn’t thought about enough; out-of-the-box security with MVC, XSS, CSRF, model binding and parameter tampering; https everywhere or just on parts of a site; Microsoft improving security, open source issues, inclusion of open source in hardware security devices; unmanaged code in web apps; typical weaknesses in software, password security; software review process, threat models, code reviews, fuzz testing; healthcare security, medical devices, attack vectors, Barnaby Jack, how to build secure devices; finding good security professionals, conferences and tradeshows; books; don’t roll your own security; Robert’s presentation at Boston Code Camp.

Book Recommendations
Iron-Clad Java: Building Secure Web Applications

Writing Secure Code (2nd Edition) (Developer Best Practices)

Software Security: Building Security In

#15 Linus Olsson, Hemlis project

Summary
Linus Olsson of the Hemlis project discusses what Hemlis is, why they are building it and how it works.

Details
Linus and I discuss his background, what Hemlis is and why build it; open source; the need for security and privacy, whether encryption makes you a target, good encryption vs bad encryption; why trust Hemlis, legal requests for data, whether he would go to jail to protect users; how it works, public key encryption, easier than PGP, type of encryption, back door on the phone, baseband hacking; open source vulnerabilities; servers, just for relaying, graphs, why peer-to-peer is not viable; scaling; release date, usability; how to promote your software; pricing, premium features, enterprise solution.

Book Recommendations
The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you

The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses