Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault

Video description: Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault

Log4j, SolarWinds, Tesla hacks, and the wave of high-profile AppSec problems aren't going to go away with current approaches like SAST and SCA. Why? These approaches:

- Are 40 years old, with little innovation.

- Haven't solved the problem.

In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:

- Prove bugs, rather than trying to list all of them.

- Zero false positives, which leads to better autonomy.

Segment Resources:

Article on competition: https://www.darpa.mil/about-us/timeli...

Technical article on approach: https://spectrum.ieee.org/mayhem-the-...

Example vulns discovered:

https://forallsecure.com/blog/foralls...

https://github.com/forallsecure/vulne...

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/vault-esw-12
