Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault

Enterprise Security Weekly (Audio)
20/06/2024 32 min
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault

Listen "Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault"

Descargar episodio Ver en sitio original

Episode Synopsis

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven't solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy. Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Show Notes: https://securityweekly.com/vault-esw-12

More episodes of the podcast Enterprise Security Weekly (Audio)

OT Security Doesn't Have to be a Struggle, Spotting Red Flags, Enterprise News - Joshua Hay, Todd Peterson - ESW #432 10/11/2025
Transforming Frontline Workflows with Passwordless Access, AI costs, and the News - Joel Burleson-Davis - ESW #431 03/11/2025
Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 - Mike Poole, Conor Mulherin, Dave Lewis - ESW #430 27/10/2025
Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429 20/10/2025
New book from Dr. Anand Singh, why CISOs buy, and the latest news - Anand Singh - ESW #428 13/10/2025
AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Matt Immler, Heather Ceylan, Alexander Makarov, Nitin Raina, Dor Fledel, Aaron Parecki - ESW #427 06/10/2025
Live interviews from Oktane 2025: threats, AI in apps, and AI in cybersecurity tools - Brett Winterford, Shiv Ramji, Damon McDougald - ESW #426 29/09/2025
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425 22/09/2025
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424 15/09/2025
Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - HD Moore, Jason Passwaters, J.J. Guy, Theresa Lanowitz, Mickey Bresman, Yuval Wollman, Jawahar "Jawa" Sivasankaran - ESW #423 08/09/2025
© 2003-2025 ZARZA | AHEAD OF OUR TIME
privacy policy
In God we trust In God we trust
PreSales Questions? Click Here
or call our toll-free line at +1-888-5002068 Miami, Florida, USA