@BEERISAC: OT/ICS Security Podcast Playlist

When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems

Podcast: Exploited: The Cyber Truth [https://www.listennotes.com/podcasts/exploited-the-cyber-truth-runsafe-security-nBcXaqgZu6w/] Episode: When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems [https://www.listennotes.com/e/eaa5f4671ea345b3bd0fc6a8c6cb9b26/] Pub date: 2025-12-11 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/eaa5f4671ea345b3bd0fc6a8c6cb9b26/¬es=When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/exploited-the-cyber-truth-VlXbhBSgnwQ-nBcXaqgZu6w.300x300.jpg] Open source accelerates development in embedded systems, but hidden license obligations can quickly create legal and operational risk. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Salim Blume, Director of Security Applications, for a look at how copyleft risk emerges and why compliance in embedded products is more challenging than many teams expect. Salim breaks down how restrictive licenses, such as GPL and AGPL, can force the disclosure of proprietary code, interrupt product shipments, or create exposure long after devices are deployed in the field. Joe shares why accurate SBOMs, automated license checks, and enforcing policy at build time are critical to preventing surprises in downstream products. The discussion also touches on the ongoing Vizio case, where the TV manufacturer faces litigation that could compel public release of source code under the GPL, highlighting how open source obligations can surface years after products hit the market. Together, Paul, Joe, and Salim explore: * How copyleft obligations can require source-code disclosure * Why embedded environments complicate license compliance * Real-world cases where unnoticed GPL dependencies caused major issues, such as Vizio’s GPL lawsuit and Cisco’s WRT54G router family * The growing implications of AGPL for SaaS and connected services * How build-time SBOMs and automated controls reduce long-term risk Whether you're building connected devices, managing software supply chain compliance, or protecting proprietary IP, this episode offers practical guidance to reduce copyleft risk before it becomes a costly problem. The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Building an OT Security Company from Scratch (Arabic) | 52

Podcast: ICS Arabia Podcast [https://www.listennotes.com/podcasts/ics-arabia-podcast-ics-arabia-podcast-pYc5P3Z4_C8/] Episode: Building an OT Security Company from Scratch (Arabic) | 52 [https://www.listennotes.com/e/2bf85a1b00034572971aa2f7d4f95074/] Pub date: 2025-12-13 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/2bf85a1b00034572971aa2f7d4f95074/¬es=Building an OT Security Company from Scratch (Arabic) | 52] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/ics-arabia-podcast-zeSAHDLrEG8-pYc5P3Z4_C8.300x300.jpg] In this episode, I’m joined by Engineer Ali Laribi, the founder of Fortress Plus, to dive deep into what it takes to build and lead in the OT security space — especially when you’re going against the crowd. The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

EP 77: Building a Cyber Physical System Device Library

Podcast: Error Code [https://www.listennotes.com/podcasts/error-code-robert-vamosi-3BP9iDHMO65/] (LS 27 · TOP 10% what is this? [https://www.listennotes.com/listen-score/]) Episode: EP 77: Building a Cyber Physical System Device Library [https://www.listennotes.com/e/a673daf7b6bf4d3f9b325a020d260d26/] Pub date: 2025-12-09 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/a673daf7b6bf4d3f9b325a020d260d26/¬es=EP 77: Building a Cyber Physical System Device Library] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/error-code-robert-vamosi-G96HYb-qy0_-3BP9iDHMO65.300x300.jpg] Do you really know what’s on your network? A lot of OT devices are white labeled, meaning they have a brand name but under the hood they’re made by someone else. Sean Tufts, Field CTO for Claroty, explains how his team is using AI to sift through all the available data and build a cyber physical library that starts to add specificity to remediation operations, and improve cyber physical security overall The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

OT Risk Management | 55 with Steve Mustard

Podcast: ICS Arabia Podcast [https://www.listennotes.com/podcasts/ics-arabia-podcast-ics-arabia-podcast-pYc5P3Z4_C8/] Episode: OT Risk Management | 55 with Steve Mustard [https://www.listennotes.com/e/7f6487b627034bf8acb0f303395963f5/] Pub date: 2025-12-13 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/7f6487b627034bf8acb0f303395963f5/¬es=OT Risk Management | 55 with Steve Mustard] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/ics-arabia-podcast-zeSAHDLrEG8-pYc5P3Z4_C8.300x300.jpg] 🚨 Featuring: Steve Mustard [https://www.linkedin.com/in/steve-mustard-794a0a2/] — engineer, author, ex-ISA President & CEO of National Automation Inc.In this thought-provoking ICS Arabia Podcast [https://www.linkedin.com/company/ics-arabia-podcast/] episode, Steve dives deep into the critical—but often misunderstood—domain of OT cyber risk management. Drawing on decades of experience, he challenges the traditional focus on tech vulnerabilities and advocates for consequence-driven risk assessments that prioritize safety, operations, and business continuity.🔍 Key Takeaways:Why traditional IT risk models fall short in OT environmentsThe value of ISA/IEC 62443 as a flexible, risk-based frameworkHow multidisciplinary teams (engineering, safety, finance, cyber) create better risk decisionsThe role of incident response, backups, and mechanical fail-safesUS vs UK approaches to cybersecurity regulations The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

How OT Managed Services Are Revolutionizing Industrial Cybersecurity

Podcast: Industrial Cybersecurity Insider [https://www.listennotes.com/podcasts/industrial-cybersecurity-insider-industrial-lkzZPU8EYci/] Episode: How OT Managed Services Are Revolutionizing Industrial Cybersecurity [https://www.listennotes.com/e/7fd94921c976453daa265c44815edc8f/] Pub date: 2025-12-09 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/7fd94921c976453daa265c44815edc8f/¬es=How OT Managed Services Are Revolutionizing Industrial Cybersecurity] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/industrial-cybersecurity-insider-velta-nPobcUYlNwM-lkzZPU8EYci.300x300.jpg] Dino sits down with industrial automation and industrial cybersecurity expert Kevin Kumpf, fresh off the floor of Rockwell Automation Fair 2025. They discuss why OT managed services are finally becoming viable for manufacturing, the critical 80/20 split between people and technology challenges, and how the industry's "silver tsunami" of retiring talent is forcing a reckoning. Kevin shares insights on building unified platforms that can manage everything from 30-year-old paper tape systems to AI-powered smart factories, why IT's "patch now" mentality fails in OT environments, and how the DG 360 platform is delivering true cyber-physical convergence today - not tomorrow. They discuss the reality that most OT cybersecurity tools only discover 30% of plant assets, the importance of human-in-the-loop decision making, and why the OT ecosystem - not IT - must drive the managed services revolution. This is a must-listen for anyone struggling with the complexity of protecting and managing modern manufacturing facilities. Chapters: * (00:00:00) - Introduction and Rockwell Automation Fair Recap * (00:01:43) - The OT Managed Services Evolution and Rebranding * (00:04:15) - The Three-Legged Stool: IT, OT, and OEMs * (00:07:32) - Point Solutions vs. Unified Platforms in Manufacturing * (00:10:45) - The DG 360 Vision: 360-Degree Plant Visibility * (00:14:28) - The Silver Tsunami and Training Challenges * (00:18:22) - Alert Fatigue and Actionable Intelligence * (00:22:45) - Software Defined Automation and Legacy Systems * (00:26:18) - Why OT Must Drive the Cybersecurity Conversation * (00:30:35) - Real-Time Demo and Implementation Readiness Links And Resources: * Kevin Kumpf on LinkedIn [https://www.linkedin.com/in/kevin-kumpf-b5021412/] * Want to Sponsor an episode or be a Guest? Reach out here. [https://www.linkedin.com/in/luraelumpkin] * Industrial Cybersecurity Insider on LinkedIn [https://www.linkedin.com/company/industrial-cybersecurity-insider] * Cybersecurity & Digital Safety on LinkedIn [https://www.linkedin.com/groups/12450584/] * BW Design Group Cybersecurity [https://www.bwdesigngroup.com/sub-capability/cybersecurity] * Dino Busalachi on LinkedIn [https://www.linkedin.com/in/dinobusalachi/] * Craig Duckworth on LinkedIn [https://www.linkedin.com/in/craigaduckworth/] Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify [https://open.spotify.com/show/6y0fvWaYstCG604LYveckc], Apple Podcasts [https://podcasts.apple.com/us/podcast/industrial-cybersecurity-insider/id1713811546], and YouTube [https://www.youtube.com/@veltatechnology] to leave us a review! The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.