The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations.

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

Links:

• Transcript (unedited, AI-generated)
• Qualys: Remote Unauthenticated Code Execution in OpenSSH
• CSRB report on Microsoft hack
• CISA secure-by-design pledge
• CCC Talk: Operation Triangulation
• Lawfare: Responsible Cyber Offense
• Google: Stop Burning Counterterrorism Operations
• Follow Dave Aitel on Twitter
• J. A. Guerrero-Saade on Twitter
• Costin Raiu on Twitter
• Follow Ryan Naraine (@ryanaraine) on Twitter
• LABScon - Security Research in Real Time