Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
20 June - 32 minsLog4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:
-40 years old, with little innovation
-Haven’t solved the problem.
In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
-Prove bugs, rather than trying to list all of them.
-Zero false positives, which leads to better autonomy.
Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vuln...
Series Episodes
Secure By Default - How do we get there? - Andy Syrewicze - PSW #848
3 hours 6 mins
24 October Finished
Doom Brain, E2EE, OT, Adload, Cisco, VMware, internet archive, Josh Marpet ... - SWN #424
29 mins
22 October Finished
Aligning Tech Execs on Cyber Resilience - Theresa Lanowitz - BSW #369
1 hour 1 min
22 October Finished
The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304
1 hour 17 mins
21 October Finished
Stealing, Kubernetes, Passkeys, SolarWinds, Intel, Sextortion, and... - SWN #423
33 mins
18 October Finished
Cybersecurity Success is Business Success - Renuka Nadkarni, Theresa Lanowitz - ESW #380
1 hour 46 mins
18 October Finished
