A podcast about web design and development.
…
continue reading
Content provided by Debra J. Farber (Shifting Privacy Left). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Debra J. Farber (Shifting Privacy Left) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to The Shifting Privacy Left Podcast
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai)
Manage episode 421035583 series 3407760
Content provided by Debra J. Farber (Shifting Privacy Left). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Debra J. Farber (Shifting Privacy Left) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
This week, we welcome Suchakra Sharma, Chief Scientist at Privado.ai, where he builds code analysis tools for data privacy & security. Previously, he earned his PhD in Computer Engineering from Polytechnique Montreal, where he worked on eBPF Technology and hardware-assisted tracing techniques for OS Analysis. In this conversation, we delve into Suchakra’s background in shifting left for security and how he applies traditional, tested static analysis techniques — such as 'taint tracking' and 'data flow analysis' — for use on large code bases at scale to help fix privacy leaks right at the source.
---------
Thank you to our sponsor, Privado, the developer friendly privacy platform.
---------
Suchakra aligns himself with the philosophical aspects of privacy and wishes to work on anything that helps in limiting the erosion of privacy in modern society, since privacy is fundamental to all of us. These kinds of needs have always been here, and as societies have advanced, this is a time when we require more guarantees of privacy. After all, it is humans that are behind systems and it is humans that are going to be affected by the machines that we build. Check out this fascinating discussion on how to shift privacy left in your organization.
Topics Covered:
- Why Suchakra was interested in privacy after focusing on static code analysis for security
- What 'shift left' means and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts
- Sociological perspectives on how humans developed a need for keeping things 'private' from others
- How to provide engineering-focused guarantees around privacy today & what the role should be of engineers within this 'shift privacy left' paradigm
- Suchakra's USENIX Enigma talk & discussion of 'taint tracking' & 'data flow analysis' techniques
- Which companies should build in-house tooling for static analysis, and which should be outsourcing to experienced vendors like Privado
- How to address 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' &, why we'll see 'Privacy Bug Bounty Programs' soon
- Suchakra's advice to engineering managers to move the needle on privacy in their orgs
Resources Mentioned:
- Join Privado's Slack Community
- Review Privado's Open Source Code Scanning Tools
Guest Info:
- Connect with Suchakra on LinkedIn
Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Buzzsprout - Launch your podcast
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Chapters
1. S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai) (00:00:00)
2. Introducing Suchakra Sharma (00:01:25)
3. How Suchakra got interested in privacy after focusing on static code analysis for security (00:02:51)
4. What 'shift left' means to Suchakra, and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts (00:05:43)
5. Suchakra shares some sociological stories of how humans developed a need to keep certain things 'private' (00:09:17)
6. How we can provide guarantees around privacy today in a engineering-focused way, and what the role should be of engineers in this 'shift privacy left' paradigm (00:12:56)
7. Debra & Suchakra discuss his USENIX Enigma talk: 'Building an Automated Machine for Discovering Privacy Violations at Scale;' and Suchakra describes techniques like 'taint tracking' and 'data flow analysis' for static code analysis (00:14:58)
8. Suchakra describes what it takes to build static code analysis tooling and gives examples of large companies that have build their own (i.e., Facebook, Microsoft, Gitlab, Github) (00:19:02)
9. Suchakra addresses how developers & privacy engineers can find & fix 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' and, why he believes we'll see 'Privacy Bug Bounty Programs' in our future (00:23:09)
10. Suchakra's advice to engineering managers to move the needle on privacy in their organizations (00:28:26)
11. Suchakra recommends relevant conferences and events to stay plugged into this space (00:32:04)
63 episodes
Share
Manage episode 421035583 series 3407760
Content provided by Debra J. Farber (Shifting Privacy Left). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Debra J. Farber (Shifting Privacy Left) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
This week, we welcome Suchakra Sharma, Chief Scientist at Privado.ai, where he builds code analysis tools for data privacy & security. Previously, he earned his PhD in Computer Engineering from Polytechnique Montreal, where he worked on eBPF Technology and hardware-assisted tracing techniques for OS Analysis. In this conversation, we delve into Suchakra’s background in shifting left for security and how he applies traditional, tested static analysis techniques — such as 'taint tracking' and 'data flow analysis' — for use on large code bases at scale to help fix privacy leaks right at the source.
---------
Thank you to our sponsor, Privado, the developer friendly privacy platform.
---------
Suchakra aligns himself with the philosophical aspects of privacy and wishes to work on anything that helps in limiting the erosion of privacy in modern society, since privacy is fundamental to all of us. These kinds of needs have always been here, and as societies have advanced, this is a time when we require more guarantees of privacy. After all, it is humans that are behind systems and it is humans that are going to be affected by the machines that we build. Check out this fascinating discussion on how to shift privacy left in your organization.
Topics Covered:
- Why Suchakra was interested in privacy after focusing on static code analysis for security
- What 'shift left' means and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts
- Sociological perspectives on how humans developed a need for keeping things 'private' from others
- How to provide engineering-focused guarantees around privacy today & what the role should be of engineers within this 'shift privacy left' paradigm
- Suchakra's USENIX Enigma talk & discussion of 'taint tracking' & 'data flow analysis' techniques
- Which companies should build in-house tooling for static analysis, and which should be outsourcing to experienced vendors like Privado
- How to address 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' &, why we'll see 'Privacy Bug Bounty Programs' soon
- Suchakra's advice to engineering managers to move the needle on privacy in their orgs
Resources Mentioned:
- Join Privado's Slack Community
- Review Privado's Open Source Code Scanning Tools
Guest Info:
- Connect with Suchakra on LinkedIn
Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Buzzsprout - Launch your podcast
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Chapters
1. S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai) (00:00:00)
2. Introducing Suchakra Sharma (00:01:25)
3. How Suchakra got interested in privacy after focusing on static code analysis for security (00:02:51)
4. What 'shift left' means to Suchakra, and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts (00:05:43)
5. Suchakra shares some sociological stories of how humans developed a need to keep certain things 'private' (00:09:17)
6. How we can provide guarantees around privacy today in a engineering-focused way, and what the role should be of engineers in this 'shift privacy left' paradigm (00:12:56)
7. Debra & Suchakra discuss his USENIX Enigma talk: 'Building an Automated Machine for Discovering Privacy Violations at Scale;' and Suchakra describes techniques like 'taint tracking' and 'data flow analysis' for static code analysis (00:14:58)
8. Suchakra describes what it takes to build static code analysis tooling and gives examples of large companies that have build their own (i.e., Facebook, Microsoft, Gitlab, Github) (00:19:02)
9. Suchakra addresses how developers & privacy engineers can find & fix 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' and, why he believes we'll see 'Privacy Bug Bounty Programs' in our future (00:23:09)
10. Suchakra's advice to engineering managers to move the needle on privacy in their organizations (00:28:26)
11. Suchakra recommends relevant conferences and events to stay plugged into this space (00:32:04)
63 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to The Shifting Privacy Left Podcast
A podcast about web design and development.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
