32 min listen
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255
ratings:
Length:
37 minutes
Released:
Dec 24, 2021
Format:
Podcast episode
Description
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven’t solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255
Released:
Dec 24, 2021
Format:
Podcast episode
Titles in the series (100)
Drunken Security News - Episode 342: From the Bradley Manning sentencing to DDOSing your former employer, the guys at PSW cover all the interesting stories of the week. by Security Weekly Podcast Network (Video)