On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.
This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.
Mark Piper is this week’s news guest.
Oh, and do add Patrick on Twitter if that’s your thing.