CyberScoop Radio

Securiosity: Have you patched BlueKeep yet?

Jul 22, 2019 | CYBERSCOOP

Microsoft is sending out early warnings about the 2020 election, Bluekeep patching is a mixed bag, and a company wants to use diamonds in the supply chain.

In our interview, we talk with Casey Ellis from Bugcrowd on how his company has meshed the nature of pen testing with bug bounty programs to form what’s considered to be “crowdsourced security.”

-In this Story-

BlueKeep, Bugcrowd, Casey Ellis, cybersecurity podcast, Greg Otto, Jen O'Daniel

Listen now

Securiosity: Capital One saga continues
Securiosity: Another successful hacker summer camp
Mobile security threats challenge CISOs to rethink device policies
Securiosity: Everything you need to know about Capital One's breach
Securiosity: Shine on, security diamonds
Securiosity: Zoom & Doom
Securiosity: A $600,000 digital stick-up
How network modeling helps operations and security teams mitigate risk
Securiosity: The great cybersecurity consolidation circus is upon us
Securiosity: So, about this 'Crypto' movie...
Securiosity: Let's think through this Huawei thing
Securiosity: The infosec world is a mess
Securiosity: A month's worth of news, packed into a week
Securiosity: Move fast and break things, for real
Securiosity: You can't pentest an election
Securiosity: The world is hacked
Securiosity: Is Julian Assange really a hacker?
Securiosity: OPSEC fail of the year?
Securiosity: Closing Pandora's Box
Securiosity: Norsk Hydro's best-case scenario
Securiosity: Oh man, this 'Crypto' trailer
Securiosity: Everything you missed at RSA
Securiosity: Hacker Time Trials
Securiosity: Marcus Carey's 'Tribe of Hackers'
Securiosity: Back to your regularly scheduled podcast
Securiosity: DHS's DNS Problem
Securiosity: An ICS Security Bonanza!
Securiosity: Hacky New Year
Securiosity: ...And China indictments close the year
Securiosity: Persistent Pegasus
Securiosity: Wait, a breach during the 2018 campaign?
Securiosity: Welcome to breach week
Securiosity: Deals, Deals, Deals
Securiosity: All quiet on the election front
Securiosity: Brazen behavior everywhere
Securiosity: A double dose
Securiosity: How to look for hardware hacks
Securiosity: Behind the big supply chain story
Securiosity: ZIP disks! In 2018!
Securiosity: Officially on offense
Securiosity: The uncertainty principle
Securiosity: A couple charges, lots of questions
Securiosity: Voting vendors vs. voting village
Securiosity: Phalse Alarm
Securiosity: Election security soapbox
Securiosity: Dispatches from hacker summer camp
Securiosity: The election security rain delay
Securiosity: Maria Butina's curious, too!
A president at war with his own intelligence community
Introducing Securiosity: CyberScoop's newest podcast
How identity can control shadow IT
Separating fact from fiction with GDPR
The push back on Trump's 5G plan
The case for zero-trust networks
What Trisis means for the ICS security world
What to expect in 2018
Threat intelligence: The tie that binds
A week full of election cybersecurity news
Apple's horrible, no good, very bad month
Just how bad will the Uber fallout be?
Why everyone needs to learn about two-factor authentication
How to make threat intelligence actionable
Why the dark web continues to fracture
How to protect your kids' privacy online
Security strategies that merge with modernization
What you need to know about Krack
The IRS' messy relationship with Equifax
How threat intelligence leads to counterintelligence
Depending on AI to keep Android malware to a minimum
Avast and the growing supply chain security problem
The U.S. government vs. Eugene Kaspersky
The value of threat intelligence
How cyberespionage is playing into the South China Sea conflict
The crazy idea of the U.S and Russia working on cybersecurity in harmony
North Korea's ongoing hacker onslaught
Why the anti-virus fight has gotten so nasty
The future of Cyber Command's split
What's next for cybersecurity at the State Department?
How the global grid hacks shape foreign policy
DHS's quest for better election system protections
How the world is reacting to Petya
What the Reality Winner leak means for the greater security community
VEP bill gets groans from federal leadership
GrammaTech's Tim Teitelbaum talks DARPA’s Cyber Grand Challenge
How Underwriters Laboratories is dealing with IoT security
Good Harbor's Richard Clarke talks about the impact of Yahoo’s massive data breach
Five encryption myths debunked for feds
OWASP Global Board Member Matt Konda discusses this year’s AppSec USA conference
Invincea's Anup Ghosh on using machine learning to improve cybersecurity detection capabilities
Veracode's Chris Wysopal talks about the impact of '90s hacker think tank
RSA President Amit Yoran: 'Don’t invest myopically in protection'
FireEye's Tony Cole discusses this year's M-Trends Report
NIST's Paul Black discusses UL's cyber certification, 'formal methods'
Bowie State prof discusses using DHS’ SWAMP software in her curriculum
Crowdstrike CEO George Kurtz: Indicators of attack are the future
IUPUI prof James Hill discusses static analysis tools
Sonatype's Joshua Corman on IoT: 'More code, more problems'
Code Dx CEO Anita D’Amico on commercializing government-funded research in cyber
Bugcrowd CEO Casey Ellis on bug bounty programs
Cylance's Stuart McClure on cyberthreats to critical infrastructure
Parasoft’s Arthur Hicken on software cybersecurity — and his ‘IoT hall of shame’
A federal 'bug bounty' program? HackerOne's Katie Moussouris weighs in on the challenges
Cyber guru Ron Ross on policy surrounding IoT, NIST's 2016 plans
NIST's Ron Ross on baking security into the government's software systems
NASA's Jerry Davis talks about information sharing, securing federal agencies
Robert Seacord on the intersection of DevOps and security
Lancope's Gavin Reid on how federal agencies can improve their threat intelligence
Robin Gandhi on making FISMA compliance decisions
Jeff Williams on making applications more secure at federal agencies
Bart Miller on making software assurance central to cyber defense