EPISODE · Jun 20, 2024 · 32 MIN
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
from Security Weekly Podcast Network (Video)
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven't solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Show Notes: https://securityweekly.com/vault-esw-12
NOW PLAYING
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.