All Episodes

Open source is critical infrastructure with Kat Cosgrove

How to actually test a disaster plan with David Bernstein

Open Source Pledge with Vlad-Stefan Harbuz

Building a plan for disaster with David Bernstein

Open Source Malware with Paul McCarty

Package management challenges with Andrew Nesbitt

Open Source Security at scale with Michael Winser

2026 State of the Software Supply Chain with Brian Fox

MCP and Agent security with Luke Hinds

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

Rust coreutils with Sylvestre Ledru

Goose and the Agentic AI Foundation with Brad Axen

The Global Vulnerability Intelligence Platform with Olle E. Johansson

Digital Sovereignty and Nextcloud with Frank Karlitschek

The Art of Crisis Management with David Bernstein

WTF is a passkey with William Brown

All about Suricata with Victor Julien

Iocaine poisons bots with Gergely Nagy

Anubis with Xe Iaso

Rustls with Dirkjan and Joe

Daniel Thompson answers: Does the CRA apply to Santa?

Linux Foundation Europe with Gabriele Columbro

Updating open source dependencies with Jamie Tanna

TARmageddon with Alex Zenla

Python Security with Seth Larson

Linux Vendor Firmware Service with Richard Hughes

NPM supply chain attacks with Charlie Eriksen

Detecting XZ in Debian with Otto Kekäläinen

Eclipse Foundation SBOMs with Mikael Barbero

Actually finding vulnerabilities using AI with Joshua Rogers

Sustaining Package Repositories with Brian Fox

Arch Linux Security with Foxboron and Anthraxx

OpenSSL with Hana Andersen and Anton Arapov

The Python Software Foundation with Deb Nicholson

Using Mercator to map assets with Didier Barzin

Talos Linux security with Andrey Smirnov

Discussing the Open Source, Open Threats? paper with Behzad and Ali

crates.io trusted publishing with Tobias Bieniek

CVE update with Patrick Garrity

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

EU Regulations will change everything with Daniel Thompson

Open source microprocessors with Jan Pleskac

Package URLs with Philippe Ombredanne

Hobbyist Maintainers with Thomas DePierre

STIG automation with Aaron Lippold

Ecosyste.ms with Andrew Nesbitt

Curl vs AI with Daniel Stenberg

Repository signing with Kairo De Araujo

Securing GitHub Actions with William Woodruff

Embedded Security with Paul Asadoorian

tj-actions with Endor Lab's Dimitri Stiliadis

Syft, Grype, and Grant with Alan Pope

CVE for EOL with Aaron Frost

cargo-semver-checks with Predrag Gruevski

Distributed CI and Git with Lars Wirzenius

FIDO authentication with William Brown

CRA with Luis Villa

Open Source Malware with Brian Fox

Open Source Foundations with Kelley Misata of Suricata

Forking Open Source Projects with Sheogorath

Patching EOL Open Source with Aaron Frost

Why do we keep ignoring CI security with François Proulx

Modern day authentication with Marc Boorshtein

Open Source Maintenance with Gary Kramlich

Safety vs Security with Thomas Depierre

The Future of Open Source Security

Episode 461 - The new NIST password guidance

Episode 460 - Santa's Supply Chain Security

Episode 459 - CWE Top 25 List

Episode 458 - FBI endorses E2E encryption

Episode 457 - The D-Link D-bacle

Episode 456 - What if XZ happened to a company? The openness of open source

Episode 455 - Wordpress plugin security

Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift

Episode 453 - Software Liability

Episode 452 - All about Meshtastic

Episode 451 - Python security with Seth Larson

Episode 450 - What's Wrong With WordPress

Episode 449 - The CUPSpocalypse

Episode 448 - What's wrong with CISA?

Episode 447 - The Tidelift 2024 open source maintainer report

Episode 446 - Researchers took over .MOBI TLD

Episode 445 - EPSS with Jay Jacobs

Episode 444 - Open Source and End of Life

Episode 443 - The Supply Chain Security Crisis

Episode 442 - The foundation of society, TLS certificates are a mess

Episode 441 - Is CWE useful?

Episode 440 - "What is open source" talk Josh gave

Episode 439 - Where are all the youth in open source?

Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice

Episode 437 - CocoPods and proper funding for open source

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Episode 435 - polyfill.io - open source is too big to fix

Episode 434 - Unreported vulnerabilities and everyone is getting hacked

Episode 433 - Should OpenSSH block misbehaving clients?

Episode 432 - Flipper Zero with Alex Kulagin

Episode 431 - Redirecting HTTP to HTTPS

Episode 430 - Frozen kernel security

Episode 429 - The autonomy of open source developers

Episode 428 - GitHub artifact attestation

Episode 427 - Will run0 replace sudo?

Episode 426 - Automatically exploiting CVEs with AI

Episode 425 - Video game cheaters, also pretendo

Episode 424 - The Notepad++ Parasite Website

Episode 423 - FCC cybersecurity label for consumer devices

XZ Bonus Spectacular Episode

Episode 422 - Do you have a security.txt file?

Episode 421 - CISA's new SSDF attestation form

Episode 420 - What's going on at NVD

Episode 419 - Malicious GitHub repositories

Episode 418 - Being right all the time is hard

Episode 417 - Linux Kernel security with Greg K-H

Episode 416 - Thomas Depierre on open source in Europe

Episode 415 - Reducing attack surface for less security

Episode 414 - The exploited ecosystem of open source

Episode 413 - PyTorch and NPM get attacked, but it's OK

Episode 412 - Blame the users for bad passwords!

Episode 411 - The security tools that started it all

Episode 410 - Package identifiers are really hard

Episode 409 - You wouldn't hack a train?

Episode 408 - Does Kubernetes need long term support?

Episode 407 - Should Santa use AI?

Episode 406 - The security of radio

Episode 405 - Modding games isn't cheating and security isn't fair

Episode 403 - Does the government banning apps work?

Episode 402 - The EU's eIDAS regulation is a terrible idea

Episode 401 - Security skills shortage - We've tried nothing and the same thing keeps happening

Episode 400 - When can the government hack a victim?

Episode 399 - Curl, Security, and Daniel Stenberg

Episode 398 - Is only 11% of open source maintained?

Episode 397 - The curl and glibc vulnerabilities

Episode 396 - CLAs are bad, Mkay?

Episode 395 - Uncertainty, trust, and security

Episode 394 - The lie anyone can contribute to open source

Episode 393 - Can you secure something you don't own?

Episode 392 - Curl and the calamity of CVE

Episode 391 - The Wordpress 100 year disaster recovery problem

Episode 390 - Rust shipping binaries doesn't matter

Episode 389 - What would HashiCorp do?

Episode 388 - Video game vulnerabilities

Episode 387 - Enterprise open source is different

Episode 386 - We are watching web 2.0 burn

Episode 385 - Is open source an insider threat?

Episode 384 - What's next for open source?

Episode 383 - Is open source dying?

Episode 382 - Red Hat, you were the chosen one!

Episode 381 - WTF Reddit, APIs and risk

Episode 380 - A new Sovereign Tech Fund program and the BBC on destroying hard drives

Episode 379 - Will open source save the world, again?

Episode 378 - Naming things is harder than security

Episode 377 - The world is changing too fast for humans to understand

Episode 376 - Open Source Summit, who built your open source, and AI

Episode 375 - The market forces of left-pad, Episode 77 remaster part 2

Episode 374 - The event we called left-pad, Episode 77 remaster part 1

Episode 373 – HHGG security, Episode 42 remaster part 2

Episode 372 - HHGG security, Episode 42 remaster part 1

Episode 371 - pip install is the tool we deserve but not the tool we need

Episode 370 - Open Source is bigger than you can imagine

Episode 369 - OpenAI broke ChatGPT then tried to blame open source

Episode 368 - The Sovereign Tech Fund with Fiona Krakenbürger

Episode 367 - Open source will never be the same

Episode 366 - Software liability is coming

Episode 365 - "I am not your supplier" with Thomas Depierre

Episode 364 - Using SBOMs is hard

Episode 363 - Joylynn Kirui from Microsoft on DevSecOps

Episode 362 - A lesson in Rust from Carol Nichols

Episode 361 - GitHub got pwnt, but it wasn't very exciting

Episode 360 - Memory safety and the NSA

Episode 359 - The NOTAM outage and other legacy technology

Episode 358 - Furby vs Alexa

Episode 357 - Is open source being overexploited?

Episode 356 - LastPass ducked up, now what?

Episode 355 - Security Boxing Day

Episode 354 - Jerry Bell tells us why Mastodon is awesome and MFA is hard

Episode 353 - Jill Moné-Corallo on GitHub's bug bounty program

Episode 352 - Stylometry removes anonymity

Episode 351 - Is security or usability a law of the universe?

Episode 350 - Spam, Email, Content Moderation, and Infrastructure Oh My

Episode 349 - The cyber is coming from inside the house - the UK is scanning itself

Episode 348 - OpenSSL is the new lead paint

Episode 347 - Airtags in luggage and weasel security - two peas in a suitcase

Episode 346 - Security and working from home have terrible things in common

Episode 345 - Cheap hacking devices turn security upside down

Episode 344 - Python tarfile - 2022 is nothing like 2007

Episode 343 - Stop trying to fix the open source software supply chain

Episode 342 - Programming languages are the new operating system

Episode 341 - Time till open source alternative

Episode 340 - Let's chat about Let's Encrypt with Josh Aas

Episode 339 - Is a network problem a security vulnerability

Episode 338 - The government didn't make vulnerabilities illegal. Yet.

Episode 337 - Security patches are getting worse - Dustin Childs from ZDI tells us why

Episode 336 - We don't have data, we have security biases

Episode 335 - Bull*&$% security ideas

Episode 334 - Leap seconds break everything

Episode 333 - Open Source is unfair

Episode 332 - PyPI: 2FA or not 2FA, that is the question

Episode 331 - GPG, but nothing makes sense

Episode 330 - The sliding scale of risk: seeing the forest for the trees

Episode 329 - Signing (What is it good for)

Episode 328 - The Security of Jobs or Job Security

Episode 327 - The security of alert fatigue

Episode 326 - Big fat containers

Episode 325 - Is one open source maintainer enough?

Episode 324 - WTF is up with WFH

Episode 323 - The fake 7-Zip vulnerability and SBOM

Episode 322 - Adam Shostack on the security of Star Wars

Episode 321 - Relativistic Security: Project Zero on 0day

Episode 320 - Security Twitter is not the real world

Episode 319 - Patch Tuesday with a capital T

Episode 318 - Social engineering and why zlib got a 2018 CVE ID

Episode 317 - The lack of compromise in security

Episode 316 - You have to use open source

Episode 315 - Who even makes all these terrible decisions?

Episode 314 - The Linux Dirty Pipe vulnerability

Episode 313 - Insecurity at scale

Episode 312 - The Legend of the SBOM

Episode 311 - Did you scan the QR code?

Episode 310 - Hayley Tsukayama from the EFF talks about privacy

Episode 309 - The bright future of open source security

Episode 308 - Welcome to the jungle - How to talk about open source security

Episode 307 - Got vulnerabilities? Introducing GSD

Episode 306 - Open source isn't broken, it's an experience

Episode 305 - Norton, Ethereum, NFT, and Apes

Episode 304 - Will we ever fix all the vulnerabilities?

Episode 303 - Log4j Christmas Spectacular!

Episode 302 - Log4j is a mess

Episode 301 - You're holding it wrong: the importance of unlearning

Episode 300 - Apple vs NSO: What can copyright do for you?

Episode 299 - Experts From A World That No Longer Exists

Episode 298 - David A Wheeler discusses the OpenSSF

Episode 297 - 25 years of smashing stacks, fun, and profit

Episode 296 - Is Trojan Source a vulnerability?

Episode 295 - Open source security isn't free

Episode 294 - Chris Wysopal on the state of security education

Episode 293 - Scoring OpenSSF Security Scoring

Episode 292 - Apache RCE and Twitch epic pwn

Episode 291 - Everyone sucks at vulnerability disclosure

Episode 290 - The security of the Matrix

Episode 289 - Who left this 0day on the floor?

Episode 288 - Linux Kernel compiler warnings considered dangerous

Episode 287 - Is GitHub's Copilot the new Clippy?

Episode 286 - Open source supply chain with Google's Dan Lorenc

Episode 285 - Open source owes you nothing!

Episode 284 - What happens when we DRM power tools?

Episode 283 - When vulnerability disclosure becomes dangerous

Episode 282 - The security of Rust: who left all this awesome in here?

Episode 281 - If you spy on journalists, you're the bad guys

Episode 280 - The perils of Single Sign On

Episode 279 - The audacity of Audacity: When open source goes rogue

Episode 278 - Could SELinux have stopped SolarWinds?

Episode 277 - Privacy and activism with Chris Weiland

Episode 276 - Security, behavior, and the environment

Episode 275 - What in the @#$% is going on with ransomware?

Episode 274 - Mr. Amazon's Neighborhood

Episode 273 - Can we stop the coming artificial unintelligence deluge?

Episode 272 - The Biden Cybersecurity Executive Order

Episode 271 - Pipeline security: There is no problem humans can't make worse

Episode 270 - Hello dark patterns my old friend

Episode 269 - Do not experiment on the Linux Kernel

Episode 268 - Can we trust any 3rd parties?

Episode 267 - Does 0day still mean 0day?

Episode 266 - The future of security scanning with Debricked

Episode 265 - The lies closed source can tell, open source can't

Episode 264 - DevSecOps with GitLab's Mark Loveless

Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things

Episode 262 - A discussion with Loris and Pop from Sysdig

Episode 261 - DWF is back! Welcome to community powered CVE

Episode 260 - Dave Jevans tells us what CipherTrace is up to

Episode 259 - What even is open source anymore?

Episode 258 - Stop using C

Episode 257 - The sudo and libgcrypt vulnerabilities

Episode 256 - 9 bits of podcast, 8 bits of computing

Episode 255 - What if security wasn't joyless?

Episode 254 - Right to Repair Security

Episode 253 - Defenders only need to be right once

Episode 252 - Is open source dangerous? Open source won, who cares, shut up!

Episode 251 - Communication is hard, security communication is more hard

Episode 250 - Door 25: Why do we do the things we do? Question everything

Episode 249 - Door 24: Information wants to be free

Episode 248 - Door 23: How to report 1000 security flaws

Episode 247 - Door 22: How to report one security flaw

Episode 246 - Door 21: Bug bounties

Episode 245 - Door 20: Is SMS 2FA better than no 2FA?

Episode 244 - Door 19: TLS certificate trust

Episode 243 - Door 18: Don't roll your own crypto or auth

Episode 242 - Door 17: Vulnerability response

Episode 241 - Door 16: 16 bits of change

Episode 240 - Door 15: Supplier compliance

Episode 239 - Door 14: Backdoors

Episode 238 - Door 13: Unlucky or survivor bias?

Episode 237 - Door 12: Video game hacking

Episode 236 - Door 11: Should you get on a 737?

Episode 235 - Door 10: Deciding what information matters

Episode 234 - Door 09: public key cryptography

Episode 233 - Door 08: man 8 security

Episode 232 - Door 07: 7 is the best prime, 2 is the dumbest

Episode 231 - Door 06: 6 wifi risks ... that don't actually matter

Episode 230 - Door 05: 5 reasons you need 24/7 robot monitoring

Episode 229 - Door 04: EFF's Cover Your Tracks

Episode 228 - Door 03: Do all vulnerabilities matter equally?

Episode 227 - Door 02: Marketing department or selection bias?

Episode 226 - Door 01: Advent calendars

Episode 225 - Who is responsible if IoT burns down your house?

Episode 224 - Are old Android devices dangerous?

Episode 223 - Full disclosure won, deal with it

Episode 222 - HashiCorp Boundary with Jeff Mitchell

Episode 221 - Security, magic, and FaceID

Episode 220 - Securing network time and IoT

Episode 219 - Chat with Larry Cashdollar

Episode 218 - The past was a terrible place

Episode 217 - How to tell your story with Travis Murdock

Episode 216 - Security didn't find life on Venus

Episode 215 - Real security is boring

Episode 213 - Security Signals: What are you telling the world

Episode 212 - Grab Bag: The Security We Deserve Edition

Episode 211 - The only thing harder than signing files is managing users

Episode 210 - Cult of Information Security

Episode 209 - Secure Boot isn't Secure

Episode 208 - Passwords are pollution

Episode 207 - Weaponized attention

Episode 206 - Confidential Virtual Machines; The future of cloud computing

Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk

Episode 204 - What Would Apple Do?

Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit

Episode 202 - The convergence of application security

Episode 201 - We broke CVSSv3, now how do we fix it?

Episode 200 - Talking Container Security with Liz Rice

Episode 199 - Special cases are special: DNS, Websockets, and CSV

Episode 198 - Good advice or bad advice? Hang up, look up, and call back

Episode 197 - Beer, security, and consistency; the newer, better, triad

Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu

Episode 195 - Is BGP actually insecure?

Episode 194 - Working from home security: resistance is futile

Episode 193 - Security lessons from space: Apollo 13 edition

Episode 192 - Work without progress - what Infosec can learn from treadmills

Episode 191 - Security scanners are all terrible

Episode 190 - Building a talent "ecosystem"

Episode 189 - Video game hackers - speedrunning

Episode 188 - Depressing news sucks, we're talking about cheating in video games

Episode 187 - Wireguard vs IPsec: the OK Boomer of security

Episode 186 - Endpoint security with Tony Meehan

Episode 185 - Is it even possible to fix open source security?

Episode 184 - It's DNS. It's always DNS

Episode 183 - The great working from home experiment

Episode 182 - Does open source owe us anything?

Episode 181 - The security of SIM swapping

Episode 180 - A Tale of Two Vulnerabilities

Episode 179 - Google Project Zero and the 90 day clock

Episode 178 - Are CVEs important and will ransomware put you out of business?

Episode 177 - Fake or real? The security of counterfeit goods

Episode 176 - The 'predictions are stupid' prediction episode

Episode 175 - Defenders will always be one step behind

Episode 174 - GitHub turns security up to 11; A discussion with Rob Schultheis

Episode 173 - Ho Ho Homeland Security

Episode 172 - The security of planned obsolescence

Episode 171 - Measuring cybersecurity with Kathryn Waldron

Episode 170 - Until that quantum computer is cracking RSA keys, go sit back down!

Episode 169 - What happens when leadership doesn't care about security?

Episode 168 - The draconian draconians of DRM

Episode 167 - Security is terrible because digital literacy is terrible

Episode 166 - Every day should be cybersecurity awareness month!

Episode 165 - Grab Bag of Microsoft Security News

Episode 164 - DNS over HTTPS: Probably not the end of the world

Episode 163 - Death to Python 2

Episode 162 - SBOM with Allan Friedman

Episode 161 - Human nature and ad powered open source

Episode 160 - Disclosing security issues is insanely complicated: Part 2

Episode 159 - Disclosing security issues is insanely complicated: Part 1

Episode 158 - The mess that we call credit agencies in the US

Episode 157 - Backdoors and snake oil in our cryptography

Episode 156 - What if we MitM a whole country?

Episode 155 - Stealing cars and ransomware

Episode 154 - Chat with the authors of the book "The Fifth Domain"

Episode 153 - The unexpected security of AI, photographs, and VPN

Episode 152 - Tavis breaks the world ... again

Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Episode 150 - Our ad funded dystopian present

Episode 149 - Chat with Michael Coates about data security

Episode 148 - You just got pwnt, what now?

Episode 147 - Scams and operations as part of the supply chain

Episode 146 - What the @#$% happened to Microsoft?

Episode 145 - What do security and fire have in common?

Episode 144 - The security of money, which one is best?

Episode 143 - Security lessons from the phone book

Episode 142 - Hypothetical security: what if you find a USB flash drive?

Episode 141 - Timezones are hard, security is harder

Episode 140 - Good enough security is a pretty high bar

Episode 139 - Secure voting, firefox send, and toxic comments on the internet

Episode 138 - Information wants to be free

Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!

Episode 137 - When the IoT attacks!

Episode 136 - How people feel is more important than being right

Episode 135 - Passwords, AI, and cloud strategy

Episode 134 - What's up with the container runc security flaw?

Episode 133 - Smart locks and the government hacking devices

Episode 132 - Bird Scooter: 0, Cory Doctorow: 1

Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse

Episode 130 - Chat with Snyk co-founder Danny Grander

Episode 129 - The EU bug bounty program

Episode 128 - Australia's encryption backdoor bill

2018 Christmas Special - Is Santa GDPR compliant?

Episode 127 - Walled gardens, appstores, and more

Episode 126 - The not so dire future of supply chain security

Episode 125 - Open Source, supply chains, npm, and you

Episode 124 - Cloudflare's service workers and the economics of security

Episode 123 - Talking about Kubernetes and container security with Liz Rice

Episode 122 - What will Apple's T2 chip mean for the rest of us?

Episode 121 - All about the security of voting

Episode 120 - Bloomberg and hardware backdoors - it's already happening

Episode 119 - The Google+ and Facebook incidents, it's not your data anymore

Episode 118 - Cloudflare's IPFS and onion service

Episode 117 - Will security follow Linus' lead on being nice?

Episode 116 - The future of the CISO with Michael Piacente

Episode 115 - Discussion with Brian Hajost from SteelCloud

Episode 114 - Review of "Click Here to Kill Everybody"

Episode 113 - Actual real security advice

Episode 112 - Google's Titan Key and the latest Struts issue

Episode 111 - The TLS 1.3 and DNS episode

Episode 110 - Review of Black Hat, Defcon, and the effect of security policies

Episode 109 - OSCon and actionable advice

Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor

Episode 107 - The year of the Linux Desktop and other hardware stories

Episode 106 - Data isn't oil, it's nuclear waste

Episode 105 - More backdoors in open source

Episode 104 - The Gentoo security incident

Episode 103 - The Seven Properties of Highly Secure Devices

Episode 102 - Michael Feiertag from tCell

Episode 101 - Our unregulated future is here to stay

Episode 100 - You're bad at buying security, we can help!

Episode 99 - Consumer security is too broken to fix, and it doesn't matter

Episode 98 - When IT decisions kill people

Episode 97 - Automation: Humans are slow and dumb

Episode 96 - Are legal backdoors a good idea?

Episode 95 - Twitter passwords and npm backdoors

Episode 94 - DNSSEC, BGP, and reality

Episode 93 - Security flaws in beep and patch, how did we get here?

Episode 92 - Chat with Rami Saas the CEO of WhiteSource

Episode 91 - Security lessons from a 7 year old

Episode 90 - Humans and misinformation

Episode 89 - Short selling AMD security flaws

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Episode 86 - What happens when 23 thousand certificates leak?

Episode 85 - NPM ate my files

Episode 84 - Have I been pwned?

Episode 83 - XKCD + CVE = XKCVE

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Episode 81 - Autosploit, bug bounties, and the future of security

Episode 80 - GPS tracking and jamming

Episode 79 - Skyfall: please don't yell 'fire'

Episode 78 - Risk lessons from Hawaii

Episode 77 - npm and the supply chain

Episode 76 - Meltdown aftermath

Episode 75 - Security Planner review

Episode 74 - Facial recognition and physical security

Episode 73 - Security from Santa

Episode 72 - Bitcoin: It's over 9000

Episode 71 - GitHub's Security Scanner

Episode 70 - The security of Intel ME

Episode 69 - Actionable security advice

Episode 68 - Ruining the Internet

Episode 67 - Cyber won

Episode 66 - Objects in mirror are less terrible than they appear

Episode 65 - Will aliens overthrow us before AI?

Episode 64 - Networks and Dnsmasq and IoT oh my

Episode 63 - Shoot, Shovel, and Bury

Episode 62 - All about the Equifax hack

Episode 61 - Market driven security

Episode 60 - The official blockchain episode

Episode 59 - The VPN Episode

Episode 58 - Backwards compatibility to the point of insanity

Episode 57 - We may never see amazing security research ever again

Episode 56 - Devil's Advocate and other fuzzy topics

Episode 55 - Good Docs Ruin My Story

Episode 54 - Turning Into An Old Person

Episode 53 - A Plane Isn't Like A Car

Episode 52 - You Could Have Done It Right, But You Didn't

Episode 51 - All About CVE

Episode 50 - This Is A Security Podcast After All

Episode 49 - Testing Software Is Impossible

Episode 48 - Machine Learning: Not Actually Magic

Episode 47 - WannaCry: Everything Is Basically Broken

Episode 46 - Turns Out I'm Not A Bad Guy

Episode 45 - Trust Is More Important Now Than The Truth

Episode 44 - Bug Bounties Vs Pen Testing

Episode 43 - We Are Totally Immature

Episode 42 - Hitchhiker's Guide To Security

Episode 41 - All Your Money Are Belong To Us

Episode 40 - Let's Fork Bitcoin, Again

Episode 39 - Flash On Your Dishwasher

Episode 38 - We Ruin Everything

Episode 37 - Your Bathtub Is More Dangerous Than A Shark

Episode 36 - A Good Enough Podcast

Episode 35 - Crazy Cosmic Accident

Episode 34 - Bathing In Ebola Virus

Episode 33 - Everybody Who Went To The Circus Is In The Circus (RSA 2017)

Episode 32 - Gambling As A Service

Episode 31 - XML Is Never The Solution

Episode 30 - I'm Not An Expert But I've Been Yelled At By Experts

Episode 29 - The Security Of Rogue One

Episode 28 - RSA Conference 2017

Episode 27 - Prove To Me You Are Human

Episode 26 - Tell Your Sister, Stallman Was Right

Episode 25 - The Future Is Now

Episode 24 - The 2016 Prediction Edition

Episode 23 - We Can't Patch People

Episode 22 - IoT Wild West

Episode 21 - CVE 10K Extravaganza

Episode 20 - The Death Of PGP

Episode 19 - A Field Full Of Razor Blades And Monsters

Episode 18 - The Security Of Santa

Episode 17 - Cyphercon Interview With Korgo

Episode 16 - Cat And Mouse

Episode 15 - Cyber Black Monday

Episode 14 - David A Wheeler: CII Badges

Episode 13 - CVE: The Metric System Of Security

Episode 12 - Security Trebuchet

Episode 11 - The Poison Candy Episode

Episode 10 - The Super Botnet That Nobody Can Stop

Episode 9 - Are Bug Bounties Measuring The Wrong Things

Episode 8 - The Primality Of Prime Numbers

Episode 7 - More Powerful Than Root

Episode 6 - Foundational Knowledge Of Security

Episode 5 - OpenSSL: The Library We Deserve

Episode 4 - Dead Squirrel In A Box

Episode - 3 The Lockpicking Sewing Circle

Episode 2 - Instills The Proper Amount Of Fear

Episode 1 - Rich History Of Security Flaws