All the News - Just Six Months Later - Application Security Weekly #265
5 December 2023 - 1 hour 10 mins

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend.
So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays and yawns.
CISA's Secure by Design and Secure by Default; CVSS 4.0; Generative AI; MFA mandates; Microsoft, Rust, and Memory Safety; New TLDs; OAuth; OpenSSF and OWASP.

In the news, repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's fir...
Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch, Edward Wu - ESW #369
1 hour 58 mins
26 July Finished
Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401
31 mins
26 July Finished
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
3 hours 4 mins
25 July Finished
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
34 mins
23 July Finished
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
1 hour 5 mins
23 July Finished
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357
1 hour 11 mins
23 July Finished