  • Balancing Speed and Security: The Open Source Dilemma in Embedded Development
    Jan 29 2026

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and embedded systems expert Elecia White, host of Embedded.fm and author of Making Embedded Systems, to discuss the trade-offs of using open source in embedded development.

    The conversation goes beyond debates about “open vs. proprietary” to explore how a single library can quietly introduce sprawling dependency chains, unclear maintenance responsibilities, licensing obligations, and long-term security exposure, especially in devices expected to operate for years or decades.

    Elecia and Joe share guidance for using open source intentionally, including how to set guardrails early, limit dependency blast radius, and design systems that can respond when vulnerabilities emerge, even when patching isn’t easy.

    Together, they cover:

    • Why embedded teams don’t get burned by open source itself, but by unexamined dependencies
    • How transitive dependencies and “helpful” packages quietly expand attack surface
    • Why professionalism, documentation, and disclosure practices signal trustworthy projects
    • Why build-time SBOMs matter more than after-the-fact analysis
    • How Secure by Design thinking reduces reliance on emergency patching

    For embedded engineers, product leaders, and security teams balancing delivery pressure with long-lived risk, this episode offers advice for using open source without inheriting future incidents.

    30 mins
  • Beyond Defense: Building Cyber Resilience in Autonomous and Connected Mobility
    Jan 15 2026

    Autonomous and connected vehicles are reshaping transportation, but increased software complexity and connectivity introduce serious security and safety challenges that can’t be solved with traditional perimeter defenses.

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Hemanth Tadepalli, Senior Cybersecurity & Compliance SME at May Mobility, for a practical discussion on what cyber resilience looks like inside real-world autonomous vehicle programs.

    Hemanth draws on his experience securing mobility systems at May Mobility, as well as prior work with Mandiant, Google, and AlixPartners, to explain how automotive organizations are adapting to software-defined vehicle architectures, regulatory pressure, and expanding attack surfaces. Joe shares his perspective on why mobility companies increasingly resemble software companies and what that means for engineering, governance, and operational security.

    Together, they explore:

    • How connected and autonomous vehicle architectures expand the attack surface
    • What cyber resilience means in day-to-day engineering and fleet operations
    • How governance, threat intelligence, and software validation reduce risk
    • Regulatory pressures shaping automotive security decisions
    • How teams balance detection, response, and safety in autonomous systems

    Whether you’re building autonomous platforms, managing connected fleets, or securing safety-critical software, this episode offers a grounded look at what it takes to keep modern mobility systems trustworthy and safe.

    25 mins
  • 2026 ICS Security Predictions: What’s Next for Critical Infrastructure
    Dec 30 2025

    As industrial control systems become more connected, more Linux-based, and more exposed to IT-style threats, 2026 is shaping up to be a turning point for ICS security.

    In this end-of-year predictions episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder & CEO Joseph M. Saunders and CTO Shane Fry to discuss what will define ICS and critical infrastructure security in 2026.

    The episode explores a bold prediction: We will see a major ICS breach originating from a web application vulnerability running directly on an embedded control device. As full Linux operating systems, Node.js apps, and web servers increasingly appear inside OT equipment, long-standing IT vulnerabilities are colliding with systems that are difficult—or impossible—to patch.

    Joe and Shane dig into why detection-only strategies fall short in constrained, long-lived devices, and why secure by design engineering, memory safety, and runtime protections are becoming essential. They also discuss the importance of accurate, build-time Software Bills of Materials, especially as regulations like the EU Cyber Resilience Act push manufacturers toward transparency, accountability, and provable supply-chain visibility.

    Together, they cover:

    • Why ICS exploitation is shifting from theoretical to operational
    • How web app and RCE vulnerabilities are creeping into OT devices
    • The limits of detection-only security strategies
    • Why memory safety and runtime protections reduce exploitable risk
    • How build-time SBOMs improve vulnerability tracking and trust
    32 mins
  • When Vehicles Aren’t Just Machines: Cybersecurity, Autonomy & What’s Next
    Dec 18 2025

    As vehicles evolve into always-connected, software-defined systems, cybersecurity decisions increasingly shape privacy, safety, and trust on the road.

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and special guest Sean McKeever, Global Product Cybersecurity Lead at Marelli, for a candid discussion on what it really means to secure modern vehicles. Sean brings deep industry experience to unpack how OEMs and suppliers are navigating data stewardship, autonomous testing, vehicle theft, and diverging global regulations.

    Together, Paul, Joe, and Sean explore:

    • What constant connectivity means for driver privacy and data stewardship
    • The risks of beta-testing autonomous systems on public roads
    • How car theft has shifted from physical break-ins to software exploitation
    • Why U.S. and EU cybersecurity regulations take fundamentally different approaches
    • The importance of collaboration across OEMs, suppliers, and regulators

    From RF relay attacks to software-defined vehicles with decade-long lifecycles, this episode highlights why cybersecurity is no longer an add-on but a core design decision shaping the future of mobility.

    33 mins
  • When Open Source Gets You Into Hot Water: Copyleft Risk in Embedded Systems
    Dec 11 2025

    Open source accelerates development in embedded systems, but hidden license obligations can quickly create legal and operational risk. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Salim Blume, Director of Security Applications, for a look at how copyleft risk emerges and why compliance in embedded products is more challenging than many teams expect.

    Salim breaks down how restrictive licenses, such as GPL and AGPL, can force the disclosure of proprietary code, interrupt product shipments, or create exposure long after devices are deployed in the field. Joe shares why accurate SBOMs, automated license checks, and enforcing policy at build time are critical to preventing surprises in downstream products. The discussion also touches on the ongoing Vizio case, where the TV manufacturer faces litigation that could compel public release of source code under the GPL, highlighting how open source obligations can surface years after products hit the market.

    Together, Paul, Joe, and Salim explore:

    • How copyleft obligations can require source-code disclosure
    • Why embedded environments complicate license compliance
    • Real-world cases where unnoticed GPL dependencies caused major issues, such as Vizio’s GPL lawsuit and Cisco’s WRT54G router family
    • The growing implications of AGPL for SaaS and connected services
    • How build-time SBOMs and automated controls reduce long-term risk

    Whether you're building connected devices, managing software supply chain compliance, or protecting proprietary IP, this episode offers practical guidance to reduce copyleft risk before it becomes a costly problem.

    30 mins
  • The Asymmetric Advantage: How Cybersecurity Can Outpace Adversaries
    Dec 4 2025

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Founder and CEO Joseph M. Saunders to explore why the future of cyber defense depends on disrupting attacker economics rather than racing to keep up with every new threat.

    Joe breaks down how organizations can gain an asymmetric advantage by reducing exploitability across entire classes of vulnerabilities, especially persistent memory safety flaws that continue to expose critical systems. He shares why adding lightweight, automated protections at build time is one of the fastest ways to shift the cost curve onto attackers without forcing massive code rewrites or slowing development teams down.

    Together, Paul and Joe discuss:

    • Why attackers’ resource advantage requires a new defensive mindset
    • The power of “patchless” protection in embedded and OT environments
    • Why memory safety flaws persist and how to neutralize them at scale
    • The risks of AI-generated code and how to prevent silent vulnerabilities
    • How Secure by Design practices improve resilience for critical infrastructure

    If you're responsible for securing embedded systems, OT assets, or long-lived devices where patch cycles are slow and risk is high, this episode offers a new mindset that gives defenders the upper hand.

    27 mins
  • Smarter Vulnerability Management in OT Systems: Building Resilience
    Nov 20 2025

    As OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc.

    Ralph draws on his decades of firsthand experience defending industrial control systems to explain why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities—design flaws, feature abuse, and configuration errors—and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders.

    Together, Ralph and Joe explore:

    • Why most OT equipment remains insecure by design and why replacement will take decades
    • How features, not bugs, often become the real attack vector
    • The growing role of ransomware and IT-side weaknesses in OT compromises
    • Practical steps OT defenders can take today to incrementally improve resilience
    • The value of class-level protections, better architectures, and secure development processes

    Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.

    28 mins
  • Clean Files, Safe Operations: Defending Federal and OT Systems from AI-Driven Threats
    Nov 13 2025

    AI is fueling both innovation and new attack tactics. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Kelly Davis, Senior Solutions Architect at Glasswall, to uncover how AI-powered malware is slipping through traditional detection in federal and defense environments—and what can be done about it.

    Kelly breaks down how “clean file” strategies are redefining cybersecurity by ensuring only safe, verified content enters critical systems. Joe connects these insights to operational technology (OT), where malicious code can disrupt industrial operations, safety systems, and even national infrastructure.

    Together, they explore:

    • How AI is changing both attack and defense in cybersecurity
    • Why detection-based security is too slow—and how AI is widening the gap
    • How Content Disarm and Reconstruction (CDR) strengthens federal and defense workflows
    • How federal agencies can adopt file-level defenses using pilots, boundary controls, and workflow APIs
    • The parallels between clean files in IT and secure binaries in OT

    Whether you’re defending national assets or securing industrial systems, this episode reveals why prevention—not detection—is the smartest defense in the AI era.

    27 mins