Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255

Published: Dec. 24, 2021, 10 p.m.


Log4j, SolarWinds, Tesla hacks, and the wave of high-profile AppSec problems aren't going to go away with current approaches like SAST and SCA. Why? They are:
- 40 years old, with little innovation
- Haven't solved the problem

In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
- Prove bugs, rather than trying to list all of them.
- Zero false positives, which leads to better autonomy.


Segment Resources:

Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge

Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them

Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot

https://github.com/forallsecure/vulnerabilitieslab

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw255
