Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
20 June 2024 - 32 mins
Log4j, SolarWinds, Tesla hacks, and the wave of high-profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? These approaches:
- Are 40 years old, with little innovation
- Haven’t solved the problem.
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
- Prove bugs, rather than trying to list all of them.
- Zero false positives, which leads to better autonomy.
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vuln...