Sign up to save your podcasts
Or
Share Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356
NVD checked out, then they came back? Maybe?
Should the xz backdoor be treated as a vulnerability?
Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?
What were some of the takeaways from the first-ever VulnCon?
EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?
How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?
There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.
Segment Resources:
- Exploitation TImelines
- NVD
- Sources for known exploitation
- Exploitation in the Wild - Rockstar
As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.
In this week's news segment,
- We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
- We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
- We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
- Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
- Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!
By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-356
View all episodes
By Security Weekly Productions
4.9
1414 ratings
NVD checked out, then they came back? Maybe?
Should the xz backdoor be treated as a vulnerability?
Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats?
What were some of the takeaways from the first-ever VulnCon?
EPSS is featured in over 100 security products, but is it properly supported by those that benefit from it?
How long do defenders have from the moment a vulnerability is disclosed to patch or mitigate it before working exploits are ready and in the wild?
There's SO much going on in the vulnerability management space, but we'll try to get to the bottom of some of in in this episode. In this interview, we talk to Patrick Garrity about the messy state of vulnerability management and how to get it back on the rails.
Segment Resources:
- Exploitation TImelines
- NVD
- Sources for known exploitation
- Exploitation in the Wild - Rockstar
As we near RSA conference season, tons of security startups are coming out of stealth! The RSA Innovation Sandbox has also announced the top 10 finalists, also highlighting early stage startups that will be at the show.
In this week's news segment,
- We discuss the highlights of the Cyber Safety Review Board's detailed and scathing report on Microsoft's 2023 breach
- We spend a bit of time on the xz backdoor, but not too much, as it has been covered comprehensively elsewhere
- We discover half a dozen of the latest startups to receive funding or come out of stealth: Coro, Skyflow, Zafran, Permiso, Bedrock Security, Abstract Security, and Sandfly
- Apple is reportedly going to have some big AI announcements this summer, and we discuss how overdue voice assistants are for an LLM makeover.
- Finally, we discuss the amazing innovation that is the Volkswagen RooBadge!
By the way, the thumbnail is a reference to the xz backdoor link we include in the show notes: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-356
More shows like Enterprise Security Weekly (Audio)
View all
Security Now (Audio)
1,965 Listeners
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
368 Listeners
CyberWire Daily
1,013 Listeners
Business Security Weekly (Audio)
3 Listeners
Smashing Security
314 Listeners
Click Here
388 Listeners
Darknet Diaries
7,843 Listeners
Cybersecurity Today
165 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
311 Listeners
Defense in Depth
78 Listeners
Cyber Security Headlines
119 Listeners
Risky Bulletin
33 Listeners