Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

Black Hat Podcasts


Black Hat Fireside Chat: Why using ‘Clean Code’ is paramount in speedy software development

By Byron V. Acohido

Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development.

Related: Setting IoT security standards

At Black Hat 2023, I had the chance to visit with Olivier Gaudin, founder and co-CEO, and Johannes Dahse, head of R&D, at SonarSource, a Geneva, Switzerland-based supplier of systems to achieve Clean Code. Olivier outlined the characteristics all coding should have and Dahse explained how healthy code can be fostered. For a drill down, please give the accompanying podcast a listen.

Responsibility for Clean Code, Olivier told me, needs to be placed with the developer, whether he or she is creating a new app or an update. Caring for source code when developing and deploying applications at

Black Hat Fireside Chat: In a hyper-connected world, effectively securing APIs is paramount

By Byron V. Acohido

APIs. The glue of hyper connectivity; yet also the wellspring of risk.

Related: The true scale of API breaches

I had an enlightening discussion at Black Hat USA 2023 with Traceable.ai Chief Security Officer Richard Bird about how these snippets of code have dramatically expanded the attack surface in ways that have largely been overlooked.

Please give the accompanying podcast a listen. Traceable supplies systems that treat APIs as delicate assets requiring robust protection. At the moment, Bird argues, that’s not how most companies view them.

All too many organizations, he told me, have no clue about how many APIs they have, where they reside and what they do. A good percentage of APIs, he says, lie dormant – low hanging fruit for hackers who are expert at

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

By Byron V. Acohido

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry.

Related: The security role of semiconductors

Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

Flexxon recently introduced its X-PHY SSD drive which now comes embedded in certain laptop models from Lenovo, ASUS and HP. This innovation derives from security-hardened AI-powered memory and storage drives Flexxon supplies that go into medical equipment and industrial machinery.

I had the chance to get briefed about all of this by Flexxon’s founder and CEO Camellia Chan. For a full drill down

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

By Byron V. Acohido

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life.

Sharing intel for a greater good

Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks.

I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd, a pioneer in the crowdsourced security market. Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs.

“What we’ve got under the hood is effectively a dating website for people who are good at breaking into computers,” Ellis says.

Crowdsourced security vendors (others include Synack, Hacker One and Intigriti) make it seamless for companies to tap into a global network of software coders, and set them on

Black Hat Fireside Chat: How ‘enterprise browsers’ serve as a checkpoint to stop ChatGPT leakage

By Byron V. Acohido

For a couple of decades now, the web browser has endured in workplace settings as the primary employee-to-Internet interface. It’s really just assumed to be a given that a browser built for consumers is an acceptable application for employees to use to work.

Preserving privacy for a greater good

And despite advances, like sandboxing, browser isolation and secure gateways, the core architecture of web browsers has remained all-too vulnerable to malicious attacks.

There was a lot of buzz at Black Hat USA 2023 about advanced “enterprise browsers.” I visited with Uy Huynh, vice president of solutions engineering at Island.io, to discuss this. For a full drill down please give the accompanying podcast a listen.

Built on the Chromium open source code, Island’s Enterprise Browser recognizes the identity and considers the role of each user—be it an employee, contractor, or HR personnel. This granular visibility aids in rapid onboarding while also bolstering security protocols, Huynh explained.

This can serve as a “last mile” checkpoint to curtail Shadow IT; in particular,

Black Hat Fireside Chat: How to achieve API security — as AI-boosted attacks intensify

By Byron V. Acohido

API security has arisen as a cornerstone of securing massively interconnected cloud applications.

At Black Hat USA 2023, I had a great discussion about API security with Data Theorem COO Doug Dooley and Applovin CISO Jeremiah Kung. For a full drill down, please give the accompanying podcast a listen.

As a fast-rising mobile ad network going toe-to-toe with Google and Facebook, Applovin has been acquiring advanced security tools and shaping new practices to manage its API exposures. Kung described for me how Data Theorem’s API Secure is proving to be a vital weapon in Applovin’s security arsenal.

APIs have become the “lifeblood” of apps and thus a prime target for cyber criminals, Kung says. AppLovin has learned that it must mitigate API exposures from multiple angles, he told me.

Robust API security has become table stakes – for cloud-native companies like AppLovin as

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

By Byron V. Acohido

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time.

Related: Going on the security offensive

Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Enter advanced pentesting. One of the hot topics at Black Hat USA 2023, which ramps up here this week in the desert heat, is how automation and machine learning are underpinning pentesting solutions deeply and continuously. This self-service, self-directed, continuous infrastructure pentesting approach allows organization to discover their exploitable attack surfaces and reduced their risk.

I had the chance to visit with someone in the thick of this important shift: Snehal Antani, CEO of Horizon3.ai, a San Francisco-based supplier of “autonomous” vulnerability