Assurance Unknown

Kai-Fan Chang

Assurance Unknown, a podcast about all the untold stories in the high assurance IT product security evaluation and certification industry. This is a podcast hosted by Kai-Fan Chang, who worked in IT product security evaluation and certification for about 20 years. I will interview the people who are in my view a big part of my personal journey in this industry and also people who helped shaping this industry. There is no way to predict or plan the future without knowing the past. And I am curious about all the unknown stories, to me, along the way. I am welcoming you to join my journey to discover how the industry has come to be. Hopefully to find a way to go forward together!

集數

  1. 6 天前

    Assurance Unknown with Kai-Fan Chang, Chuankai Gao & Hungwei Chen

    In this episode I had a discussion in a tea house with Dr. Gao from the IT security department in Institute of Information Industry in Taiwan and Hungwei Chen previously from Winbond. They shared their stories with high assurance security evaluation and the difficulties in promoting security evaluation in an ecosystem. Security is generally considered a cost for the developer and I have yet to see a developer to do security evaluation/certification by freewill when it’s not necessary. As a country or a company you need to make the conscious choice if security is important for your existence on the long run and if investment is needed or worth it. While most people will say that security is important, most companies do not want to invest because it hurts the short term results (costs) and makes the price of the product higher (competitiveness). This episode is purely in Chinese and I know it will make people who only listen to the podcast and do not speak Chinese quite difficult. However, it is really important that people who I interview to feel comfortable to speak out their mind freely and precisely. On the YouTube version you are able to find the subtitles in different languages. Hope you gain some new insights from the conversation. As usual, there is a blog associated with this episode and you can find it here: https://certcle.substack.com/p/the-economy-of-security-certification?r=3smzvo My website: www.certcle.com Instagram: @certcle

    1 小時 18 分鐘
  2. 5月29日

    Assurance Unknown with Kai-Fan Chang and Ernst Bovelander

    Welcome to the second episode of Assurance Unknown. My guest for this episode is Ernst Bovelander. Ernst was the CEO of Brightsight for many years and played quite an important role for both Brightsight and for my career. In the interview we went into his career from his first job at the hardware security group of TNO, which became Brightsight. And his return to Brightsight to take over one of the previous owners Jan Pieters as the CEO. He had two tasks, one is to make Brightsight more "professional", the other is to prepare the company for a sale. We can hear the whole process from his point of view, which if we purely look at the two tasks, he had quite good results. We also went into the process of the growth and expansion of Brightsight. Overall a very interesting story of the history of Brightsight and high assurance payment security. When Ernst was talking about making Brightsight more "professional", I was already thinking what does "more professional" actually mean? I wrote a blog post about it as the complimentary content and I welcome you all to share your views and comments on that. You can find the blogpost here: https://certcle.substack.com/p/what-is-a-professional-lab Hope you enjoy this episode. I am keeping a monthly update cycle at this moment so the episodes are still in the long format. Feel free to leave your comments and join the conversation. Do not forget to subscribe and like the video if you do! Thanks!

    1 小時 43 分鐘

簡介

Assurance Unknown, a podcast about all the untold stories in the high assurance IT product security evaluation and certification industry. This is a podcast hosted by Kai-Fan Chang, who worked in IT product security evaluation and certification for about 20 years. I will interview the people who are in my view a big part of my personal journey in this industry and also people who helped shaping this industry. There is no way to predict or plan the future without knowing the past. And I am curious about all the unknown stories, to me, along the way. I am welcoming you to join my journey to discover how the industry has come to be. Hopefully to find a way to go forward together!