39 min listen
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255
ratings:
Length:
37 minutes
Released:
Dec 23, 2021
Format:
Podcast episode
Description
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven’t solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255
Released:
Dec 23, 2021
Format:
Podcast episode
Titles in the series (100)
Enterprise Security Weekly #8 - Securing "Air Gapped" Networks: Cisco makes an acquisition in cloud security, Palerra claims a first in the same space, Crowdstrike bundles prevent breaches? And Barracuda makes it easier to give them money for Next-Gen firewalls, all that and more so stay tuned! Full Show Notes:... by Enterprise Security Weekly (Video)