Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
20 June 2024 - 32 minsLog4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:
-40 years old, with little innovation
-Haven’t solved the problem.
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
-Prove bugs, rather than trying to list all of them.
-Zero false positives, which leads to better autonomy.
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vuln...
Series Episodes
$200,000 Zoom Call, Microsoft, Zero-Click, China & HD With $649 million of Bitcoin - SWN #485
28 mins
13 June Finished
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399
56 mins
11 June Finished
Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more... - SWN #484
32 mins
10 June Finished
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
1 hour 9 mins
10 June Finished
