Compiler

Jeremy West, who leads Red Hat's product security incident response team, brings expertise in vulnerability response and secure development. He discusses transparency in publishing vulnerabilities, machine-readable advisories like CSAF and VEX, rare embargoes, shared accountability for applying patches, and the importance of upstream collaboration and secure-by-design practices.

Jeremy West, Senior Manager of Product Security Engineering at Red Hat, who leads product security incident response. He walks through CVE tracking and why common identifiers matter. Listens to how vulnerabilities are named, how CVEs are governed versus stored, and how severity, CVSS, and remediation priorities are determined. Practical takes on prioritization, risk tolerance, and the economics of patching.

Simo Sorce, Distinguished Engineer at Red Hat who leads their UX crypto team and focuses on post-quantum security. He explains what quantum computing threatens in cryptography. He uses clear analogies to unpack public-key concepts. He outlines harvest-now/decrypt-later risk, progress toward quantum hardware, and the practical challenges of migrating to quantum-resistant algorithms.

Huzaifa Sidhpurwala, a Red Hat senior principal product security engineer focused on AI product security, discusses emerging frameworks for securing AI systems. He covers why security lags behind innovation. Topics include open source’s role in trust, model signing and machine-readable model cards, testing with safety benchmarks, agentic risks, and how human complacency remains a major vulnerability.

The relationship between data and AI is...complicated. AI is built on data. It often needs more. A wealth of data can make AI strong. But it can also be a weakness. Clarence Clayton, Director of Global Privacy + AI Risk and Compliance at Red Hat, helps us understand the increasingly complex interplay between data and AI—because the flow of information isn't a one-way street.

They say "data is king." From secret recipes to performance metrics and beyond, organizations use mountains of data every day. It's important to keep that data safe from scammers, the competition, or anyone else who could misuse it. Securing that data isn't easy. Clarence Clayton, Director of Global Privacy + AI Risk and Compliance at Red Hat, lays out the foundations of data security. He covers what needs to be protected and explains some of the basic principles you should follow to keep data thieves out of your database.

The rapid adoption of AI often means security is an afterthought. And let's face it—humans are not always great at assessing risk. But how has AI transformed the security landscape? What can the industry do to stay informed and ready to respond to threats? And what does this mean for product security?Jeff Crume, distinguished engineer at IBM, stops by to talk about AI as "the new attack surface", and explains why the technology, like so many others, can be used for both altruistic and malicious intentions.

Our trust in the internet is the lowest it’s ever been. In spite of our vigilance, we face more threats than ever before. Product security is a vital element in the defense against malicious incursions. This season of Compiler covers the particulars of product security. With some help from Emily Fox, Portfolio Security Architect at Red Hat, our hosts kick off the season with a simple question: What is product security?

Phishing. DDoS attacks. Social engineering. These are not new terms if you know anything about cybersecurity. But emerging technologies are making these well-known methods of attack easier than ever. Bad actors are paying attention—and they are leveling up their skills accordingly. It isn’t just cybersecurity professionals who have to be aware and responsive– people working in product security are a part of the effort, too. What do they need to know to respond to these newer attacks? This season, hosts Emily Bock and Vincent Danen will dig into how the security landscape has changed, and how IT professionals can work together to prevent and prepare for whenever, wherever, and however threats emerge.

The conversation dives into how AI is reshaping healthcare, from analyzing radiographic images to enhancing clinician workflows. Human oversight is emphasized as critical in managing patient data for better outcomes. There's a thought-provoking discussion on the challenges of creativity in the age of AI, exploring concerns about originality and emotional depth in content. Finally, the importance of continuous learning and ethical considerations in tech are highlighted, alongside heartfelt reflections on community and connection throughout the season.