Sign up to save your podcasts
Or
Share Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
NVD checked out, then they came back? Maybe?
Should the xz backdoor be treated as a vulnerability?
Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?
What were some of the takeaways from the first-ever VulnCon?
EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?
How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?
There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.
Segment Resources:
- Exploitation TImelines
- NVD
- Sources for known exploitation
- Exploitation in the Wild - Rockstar
As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.
In this week's news segment,
- We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
- We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
- We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
- Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
- Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!
By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-356
View all episodes
By Security Weekly Productions
4.9
1414 ratings
NVD checked out, then they came back? Maybe?
Should the xz backdoor be treated as a vulnerability?
Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?
What were some of the takeaways from the first-ever VulnCon?
EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?
How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?
There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.
Segment Resources:
- Exploitation TImelines
- NVD
- Sources for known exploitation
- Exploitation in the Wild - Rockstar
As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.
In this week's news segment,
- We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
- We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
- We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
- Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
- Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!
By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-356
More shows like Enterprise Security Weekly (Audio)
View all
NPR News Now
14,602 Listeners
Last Podcast On The Left
51,341 Listeners
This Week in Tech (Audio)
3,060 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,028 Listeners
Security Weekly News (Audio)
33 Listeners
Darknet Diaries
8,113 Listeners
Unsubscribe Podcast
2,181 Listeners
Risky Bulletin
45 Listeners