{"podcast":{"title":"Embedded","slug":"embedded-1055969","podcast_index_feed_id":1055969,"rss_url":"https://makingembeddedsystems.libsyn.com/rss","website_url":"https://embedded.fm","image_url":"https://static.libsyn.com/p/assets/5/5/6/d/556d627cc4fc52d016c3140a3186d450/logo-20250804-i5c1px6k56.jpg","author":"Elecia White","episode_count":573,"summary":"I am Elecia White alongside Christopher White. We're here to chat about the interests, careers, and lives of engineers, artists, educators and makers. Our diverse guest list includes names you may have heard and engineers working quietly in the trenches. Either way, they are knowledgeable, enthusiastic, and inspiring. We'd love to share our enthusiasm for science, technology, engineering, art, and math (STEAM).","last_synced_at":null,"page_url":"https://stenobird.com/podcast/embedded-1055969"},"episode":{"title":"515: Script Boomers","slug":"515-script-boomers","published_at":"2025-11-27T01:08:00+00:00","page_url":"https://stenobird.com/podcast/embedded-1055969/515-script-boomers","show_page_url":"https://stenobird.com/podcast/embedded-1055969","url":"https://embedded.fm/episodes/515","audio_url":"https://traffic.libsyn.com/secure/makingembeddedsystems/embedded-ep515-public-edit.mp3?dest-id=141180","summary":"Nick Kartsioukas joined us to talk about security in embedded systems. Common Vulnerabilities and Exposures ( CVE ) is the primary database to check your software libraries, tools, and OSs: cve.org . Open Worldwide Application Security Project ( OWASP , owasp.org ) has information on how to improve security in all kinds of applications, including embedded application security . There are also cheatsheets, Nick particularly recommends Software Supply Chain Security - OWASP Cheat Sheet . Wait, what is supply chain security ? Nick suggested a nice article on github.com : it is about your code and tools including firmware update, a common weak point in embedded device security. Want to try out some security work? There are capture the flag (CTF) challenges including the Microcorruption CTF ( microcorruption.com ) which is embedded security related. We also talked about the SANS Holiday Hack Challenge (also see Prior SANS Holiday Hack Challenges ). This episode is brought to you by RunSafe Security . Working with C or C++ in your embedded projects? RunSafe Security helps you build safer, more resilient devices with build-time SBOM generation, vulnerability identification, and patented code hardening. Their Load-time Function Randomization stops the exploit of memory-based attacks, something we all know is much needed. Learn more at RunSafeSecurity.com/embeddedfm . Some other sites that have good information embedded security: This World Of Ours by James Mickens is an easy read about threat modelling Cybersecurity and Infrastructure Security Agency (CISA) is at cisa.gov and, among other things, they describe SBOMs in great detail National Institute of Standards and Technology (NIST) also provides guidance: Internet of Things (IoT) | NIST NIST Cybersecurity for IoT Program NI…","meta_description":"Nick Kartsioukas joined us to talk about security in embedded systems. Common Vulnerabilities and Exposures ( CVE ) is the primary database to check your…","key_points":[],"chapters":[],"topics":[],"duration_seconds":4223,"processing_state":"not_requested","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/embedded-1055969/episodes/515-script-boomers/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/embedded-1055969/515-script-boomers.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}