ASW #204 - Larry Maccherone

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & installed. These types of software vulnerabilities can be found through continuous detection but even then may not always have a patch available. It’s important for software teams to set up tools that continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. In this episode, we will discuss the ins and outs of 0-day vulnerabilities and what the future of managing them looks like. Segment Resources: Recent 0-day blog: https://www.contrastsecurity.com/security-influencers/contrast-protect-eliminates-another-zero-day-headache What is Contrast Security video: https://www.youtube.com/watch?v=8FwY6zJX1ms The Contrast Secure Code Platform video: https://www.youtube.com/watch?v=k5CycR4R6bg   This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!   This week in the AppSec News: speculative execution attack with retbleed, CSRB's report on log4j, one-line lowercase action leads to a vuln, approaching SOC2 with secure engineering principles, free online Mac Malware book   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw204