Car and IoT Security with Chris Craig

Ransomware and DDoS attacks happen all the time. Sometimes they affect large swaths of users. WannaCry ransomware froze the computer systems in hospitals. Mirai botnet DDoS attacks took down a DNS provider, making Netflix and Twitter inaccessible for a short period of time.

These are innocent attacks compared to what we could face from a world where cars, heart rate monitors, and other safety critical machinery become connected to the Internet. This is not a new subject–we have covered it in previous episodes about security. But it’s a deep subject, and there is much ground to cover.

Chris Craig joins the show for this episode–he is a security researcher at Oak Ridge National Lab. He studies network and cloud security, and in this episode he brings his broad expertise to subjects like IoT security, car security, and the question of standards–what do we need to standardize and certify as the internet becomes connected to physical infrastructure?

Thanks to Jared Smith for the introduction.

Show Notes

When Safety and Security Become One

Standardisation and Certification of the ‘Internet of Things’



Bugsnag improves the task of troubleshooting errors by making it more enjoyable and less time-consuming. For example, when an error occurs, your team can get notified via Slack, see diagnostic information on the error, and identify the developer who committed the code. Bugsnag’s integration with Jira and other collaboration tools makes it easy to assign and track bugs as they are being fixed. There is a special offer for Software Engineering Daily listeners. Try all features free for 60 days at Development teams can now iterate faster and improve software quality. To get started, go to Get up and running in three minutes. Airbnb, Lyft, and Shopify all use Bugsnag to monitor application errors.  

Flip the traditional job search and let Indeed Prime work for you while you’re busy with other engineering work, or coding your side project. Upload your resume and in one click, gain immediate exposure to companies like Facebook, Uber, and Dropbox. Interested employers will reach out to you within one week with salary, position, and equity up front. Don’t let applying for jobs become a full-time job. With Indeed Prime, jobs come to you. The average software developer gets 5 employer contacts and an average salary offer of $125,000. Indeed Prime is 100% free for candidates – no strings attached. Sign up now at

GrammaTech CodeSonar helps development teams improve code quality with static analysis. It helps flag issues early in the development process, allowing developers to release better code faster. CodeSonar can easily be integrated into any development process. CodeSonar performs advanced static analysis of C, C++, Java, and even raw binary code. CodeSonar performs unique dataflow and symbolic execution analysis to aggressively scan for problems in your code. Just like battleships use sonar to detect objects deep underwater, engineers use CodeSonar to detect subtle problems deep within their code. Go to to get your free 30-day trial, exclusively for Software Engineering Daily listeners and unleash the power of advanced static analysis.

Thanks to Symphono for sponsoring Software Engineering Daily. Symphono is a custom engineering shop where senior engineers tackle big tech challenges while learning from each other. Check it out at Thanks to Symphono for being a sponsor of Software Engineering Daily for almost a year now. Your continued support allows us to deliver content to the listeners on a regular basis.