21 min listen
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
ratings:
Length:
32 minutes
Released:
Jun 20, 2024
Format:
Podcast episode
Description
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven’t solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Show Notes: https://securityweekly.com/vault-esw-12
Released:
Jun 20, 2024
Format:
Podcast episode
Titles in the series (100)
Enterprise Security Weekly #20 - Multi-Factor Authentication: Should we use Multi-factor Authentication for our Enterprise? Find out whether you should have a 2FA or not, here on Enterprise Security Weekly! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode20 Visit... by Enterprise Security Weekly (Video)