It’s been a week since CVE-2021-44228, a remote code execution vulnerability in Log4J 2.x, hit the world. Hopefully by now everybody reading this has updated their Java deployments with the latest Log4J libraries. But no doubt there’s another vulnerability, in some popular framework or library, just waiting to make its presence known. This post is about Cloud features that act to minimize the blast radius of such vulnerabilities.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. However, even though these are reasonable ideas, the gap between academia and industry often prevents them from being realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator to bridge the research/industry gap, and how we can work together to address the issues that remain.
Finally, we might be seeing the end of stupid software patents. The potential downside of the internet of things? As if on cue, ShellShock is a bash vulnerability. A big one. Here’s some fun for discussion – Why you should not implement layered architecture – ducking before the clods of dirt fly… We had to …
A recent SSL/TLS vulnerability causes temporary panic in the recording room when Joel knocks over the headphone mixer… But seriously folks, it’s a doozie, one we’ll be watching over the next few weeks. The mixer mishap is pretty funny though. Also, I think I (Ken) misquoted the article about Don’s PhoneGap Build plugin. …