Out-of-Bounds Read, the CWE/CAPEC Program Podcast!


Out-of-Bounds Read is a podcast made with the software and hardware development communities in mind. We show you how the latest cybersecurity weaknesses and attack patterns can be mitigated before they become more significant vulnerabilities by leveraging CWE and CAPEC. Join us for monthly discussions with the teams behind these resources as well as interviews with industry experts.

Webpages: https://cwe.mitre.org/ https://capec.mitre.org/
Twitter: https://twitter.com/CweCapec
LinkedIn: https://www.linkedin.com/showcase/cve-cwe-capec/
Podcast: https://medium.com/@CWE_CAPEC

Episodes

June 8, 2022 27 min

In this episode, we chat with Pietro Braione of Università degli Studi di Milano - Bicocca about how he uses CWE and CAPEC in college-level classes to teach cybersecurity. We also discuss how the taxonomy can help teach the breadth of issues in software development.


In this episode, we talk with Cisco’s Tim Wadhwa-Brown, Security Research and Offensive Security for Professional Services in Europe, and Jared Pendleton, Advanced Security Initiatives Group, about Cisco using CWE for finding and fixing vulnerabilities. They find it useful for categorizing the types of vulnerabilities, which helps determine the root cause of possible future vulnerabilities.


This episode invites Larry Cashdollar to talk about the types of weaknesses in the many CVEs he has found and how the frequency of these weaknesses has changed. We focus on weaknesses that are not just buffer overflows.

CWE List of weaknesses
Larry Cashdollar, CVE Numbering Authority 
Akamai 




This episode invites hardware experts to discuss hardware CWEs and the 2021 CWE Most Important Hardware Weaknesses. We discuss how this list will help the community, their favorite entries and surprising items on the list, and stories around hardware weaknesses. 

Guests include: 

 

  • Jason Fung, Director of Offensive Security Research and Academic Research Engagement at Intel
  • Jason Oberg, Cofounder and Chief Technology Officer at Tortug...

    October 14, 2021 49 min

    This episode is a special cybersecurity awareness month podcast where we discuss the 15-year history and future of the CWE/CAPEC program. Interviewees include:
     - Bob Martin, Senior Principal Software and Supply Chain Assurance Engineer at MITRE
     - Joe Jarzombek, Director of Government and Critical Infrastructure Programs at Synopsys
     - Chris Eng, Chief Research Officer at Veracode
     - Chris Levendis, CWE/CAPEC Project Leader at MITRE
     - Drew...


    Welcome to the third episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast!
     
     In episode 3, Steve Battista of the CWE/CAPEC Program interviews Rushi Purohit, who has helped lead the efforts behind the last few years' Top 25 most dangerous software weaknesses publications. We talk about the new 2021 release of this list.
     
     Resources mentioned in this episode:
     Top 25 most dangerous software weaknesses: https://cwe.mitre.org/...


    Welcome to the second episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast!

    In episode 2, Steve Battista of the CWE/CAPEC Program interviews Rich Piazza, the CAPEC Task Lead, about what Common Attack Pattern Enumeration and Classification (CAPEC™) is and the problem it aims to solve, who can benefit from CAPEC and how to leverage it, the role of the community, how CAPEC has evolved over time, and possibilities for the futur...


    Welcome to the inaugural episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast!

    In episode 1, Steve Battista of the CWE/CAPEC Program interviews Steve Christey Coley, the CWE/CAPEC Program Technical Lead, about what Common Weakness Enumeration (CWE™) is and the problem it aims to solve, who can benefit from CWE and how to leverage it, the role of the community, how CWE has evolved over time, and possibilities for the future.

    R...

