Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
内容由CCC media team提供。所有播客内容(包括剧集、图形和播客描述)均由 CCC media team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
类似 Chaos Computer Club - recent events feed (high quality) 的节目
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k
484
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it's nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what's possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Redefining AI is a Three-Time Award-Winning Tech Podcast that cuts through the noise! Join Lauren Hawker Zafer, Chief Operating Officer at Squirro and Stevie Silver Award–winning creator, for a bold, thought-provoking exploration of artificial intelligence. Celebrated as intellectually rigorous, globally relevant, and truly unique, the show examines how AI shapes us socially, psychologically, and even physiologically. Each episode brings together leading academics, authors, executives, and i ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
We help founders make something people want. The Y Combinator Podcast is where builders talk about building. From the earliest days of an idea to scaling a company that changes the world, YC partners and founders share real stories, lessons, and tactics from the frontlines.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
))
The Surprising Complexity of Finding Known Vulnerabilities (god2025)
Manage episode 521384718 series 2475293
内容由CCC media team提供。所有播客内容(包括剧集、图形和播客描述)均由 CCC media team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
With the increasing reliance on third-party software components, ensuring their security against known vulnerabilities has become a daily challenge for individuals and organizations. Despite the availability of a variety of tools and databases, we found all of them fall short when applied to real-world scenarios - raising questions about their effectiveness, generalizability, and practical utility. Starting from our perspective as penetration testers, we identified three main problems with existing solutions in vulnerability identification: Accuracy and completeness of results - Many tools exhibit limited precision and recall, often depending on a single data source (e.g. NVD) and overlooking critical indicators such as known exploits or patch history. Rigid input requirements - Most solutions enforce strict formatting constraints (e.g., requiring exact CPEs), creating usability and reliability issues when dealing with diverse or incomplete data. Lack of usable outputs - The inability to meaningfully export or integrate results into broader workflows hampers both manual and automated security processes. In order to solve these challenges, we developed the open-source tool search_vulns. It leverages information from multiple data sources and uses text comparison techniques and CPEs in combination to increase accuracy in software identification. Due to this approach, it can even automatically generate CPEs that have yet to be published. Together with its custom logic for version comparison, this further enhances the quality of results. Finally, search_vulns provides a fine-granular export of results in different formats. In conclusion, this talk aims to simplify the surprising complexity of finding known vulnerabilities in software. To do so, we discuss common challenges in mapping software names to CPEs, e.g. for product rebrandings, single-version vulnerabilities and yet to be published software versions. In addition, we present an approach using multiple data sources in combination to enrich CVE data with information on known exploits, likelihood of exploitability (EPSS) and other data sources. Finally, we present search_vulns as open-source tool. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de
…
continue reading
1964集单集
分享
Manage episode 521384718 series 2475293
内容由CCC media team提供。所有播客内容(包括剧集、图形和播客描述)均由 CCC media team 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
With the increasing reliance on third-party software components, ensuring their security against known vulnerabilities has become a daily challenge for individuals and organizations. Despite the availability of a variety of tools and databases, we found all of them fall short when applied to real-world scenarios - raising questions about their effectiveness, generalizability, and practical utility. Starting from our perspective as penetration testers, we identified three main problems with existing solutions in vulnerability identification: Accuracy and completeness of results - Many tools exhibit limited precision and recall, often depending on a single data source (e.g. NVD) and overlooking critical indicators such as known exploits or patch history. Rigid input requirements - Most solutions enforce strict formatting constraints (e.g., requiring exact CPEs), creating usability and reliability issues when dealing with diverse or incomplete data. Lack of usable outputs - The inability to meaningfully export or integrate results into broader workflows hampers both manual and automated security processes. In order to solve these challenges, we developed the open-source tool search_vulns. It leverages information from multiple data sources and uses text comparison techniques and CPEs in combination to increase accuracy in software identification. Due to this approach, it can even automatically generate CPEs that have yet to be published. Together with its custom logic for version comparison, this further enhances the quality of results. Finally, search_vulns provides a fine-granular export of results in different formats. In conclusion, this talk aims to simplify the surprising complexity of finding known vulnerabilities in software. To do so, we discuss common challenges in mapping software names to CPEs, e.g. for product rebrandings, single-version vulnerabilities and yet to be published software versions. In addition, we present an approach using multiple data sources in combination to enrich CVE data with information on known exploits, likelihood of exploitability (EPSS) and other data sources. Finally, we present search_vulns as open-source tool. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de
…
continue reading
1964集单集
كل الحلقات
×
欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
类似 Chaos Computer Club - recent events feed (high quality) 的节目
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
1
The Ticket: Discover the Future of Customer Service, Support, and Experience, with Intercom
Intercom
1k484
On The Ticket, you'll hear Intercom's Customer Support team in conversation with the customer service leaders, renowned customer experience thinkers, and influential authors who are shaping the field of customer support. Follow The Ticket to get the weekly episodes and sign up for our twice-monthly newsletter bursting with all the insights, trends, tips, and assets your team needs to embrace the future of customer service. https://www.intercom.com/blog/newsletter 🏠 www.intercom.com
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it's nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what's possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Redefining AI is a Three-Time Award-Winning Tech Podcast that cuts through the noise! Join Lauren Hawker Zafer, Chief Operating Officer at Squirro and Stevie Silver Award–winning creator, for a bold, thought-provoking exploration of artificial intelligence. Celebrated as intellectually rigorous, globally relevant, and truly unique, the show examines how AI shapes us socially, psychologically, and even physiologically. Each episode brings together leading academics, authors, executives, and i ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
We help founders make something people want. The Y Combinator Podcast is where builders talk about building. From the earliest days of an idea to scaling a company that changes the world, YC partners and founders share real stories, lessons, and tactics from the frontlines.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
