After I spoke at the Information Security Summit in Ohio last month, the guys at the Security Justice podcast interviewed me and Tyler Hudak.
You can listen to the archive here. It was fairly loud in the room but you'd never know it listening to the audio. Great work guys.
We discuss open source software, vulnerability research and disclosure, product security incident response teams (PSIRTs), input vs output metrics, insourcing vs outsourcing, and building an incident response team.