Out-of-Bounds Read, the CWE/CAPEC Program Podcast!


Out-of-Bounds Read is a podcast made with the software and hardware development communities in mind. We show you how the latest cybersecurity weaknesses and attack patterns can be mitigated before they become more significant vulnerabilities by leveraging

CWECAPEC


    • Jun 8, 2022 LATEST EPISODE
    • infrequent NEW EPISODES
    • 29m AVG DURATION
    • 8 EPISODES



    Latest episodes from Out-of-Bounds Read, the CWE/CAPEC Program Podcast!

    Using CWE/CAPEC in Education

    Jun 8, 2022, 27:55


    In this episode, we chat with Pietro Braione of Università degli Studi di Milano - Bicocca about how he uses CWE and CAPEC in college-level classes to help teach cybersecurity. How the taxonomy can help teach the breadth of issues in software development is also discussed.

    Why Cisco Uses CWE While Looking at Fixing Vulnerabilities

    Feb 15, 2022, 28:11


    In this episode, we talk with Cisco's Tim Wadhwa-Brown, Security Research and Offensive Security for Professional Services in Europe, and Jared Pendleton, Advanced Security Initiatives Group, about Cisco using CWE for finding and fixing vulnerabilities. They find it useful for categorizing the types of vulnerabilities to help determine the root cause of possible future vulnerabilities.

    Beyond the Buffer Overflow: Finding Weaknesses in Software, an Interview with Larry Cashdollar (Akamai)

    Feb 15, 2022, 19:21


    This episode invites Larry Cashdollar to talk about the types of weaknesses in the many CVEs he has found and how the frequency of these weaknesses has changed. We focus on weaknesses that are not just buffer overflows.

    CWE List of weaknesses Larry Cashdollar, CVE Numbering Authority Akamai

    About the 2021 CWE Most Important Hardware Weaknesses

    Dec 1, 2021, 58:15


    This episode invites hardware experts to discuss hardware CWEs and the 2021 CWE Most Important Hardware Weaknesses. We discuss how this list will help the community, their favorite entries and surprising items on the list, and stories around hardware weaknesses.

    Guests include:
    - Jason Fung, Director of Offensive Security Research and Academic Research Engagement at Intel
    - Jason Oberg, Cofounder and Chief Technology Officer at Tortuga Logic
    - Paul Wortman, Cybersecurity Research Scientist at Wells Fargo
    - Jasper van Woudenberg, CTO of Riscure North America and author of the Hardware Hacking Handbook
    - Nicole Fern, Senior Security Analyst at Riscure

    References from this episode:
    - The 2021 CWE Most Important Hardware Weaknesses: https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html

    The CWE/CAPEC 15th Anniversary Special

    Oct 14, 2021, 49:06


    This episode is a special cybersecurity awareness month podcast where we discuss the 15-year history and future of the CWE/CAPEC program.

    Interviewees include:
    - Bob Martin, Senior Principal Software and Supply Chain Assurance Engineer at MITRE
    - Joe Jarzombek, Director of Government and Critical Infrastructure Programs at Synopsys
    - Chris Eng, Chief Research Officer at Veracode
    - Chris Levendis, CWE/CAPEC Project Leader at MITRE
    - Drew Buttner, Software Assurance Capability Area Lead at MITRE

    References from this episode:
    - ISO/IEC 5055:2021 - Information technology; Software measurement; Software quality measurement; Automated source code quality measures - https://www.iso.org/standard/80623.html
    - CWE-1340 - https://cwe.mitre.org/data/definitions/1340.html
    - SBOM - https://www.ntia.gov/SBOM

    All about the 2021 Top 25 most dangerous software weaknesses

    Sep 14, 2021, 17:49


    Welcome to the third episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast! In episode 3, Steve Battista of the CWE/CAPEC Program interviews Rushi Purohit, who has helped lead the efforts behind the last few years' Top 25 most dangerous software weaknesses publications. We talk about the new 2021 release of this list.

    Resources mentioned in this episode:
    - Top 25 most dangerous software weaknesses: https://cwe.mitre.org/top25/
    - CAPEC website - https://capec.mitre.org
    - CWE/CAPEC on Twitter - https://twitter.com/cwecapec

    What is CAPEC, Why is It important, and How Can it Help Me?

    Aug 24, 2021, 13:46


    Welcome to the second episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast! In episode 2, Steve Battista of the CWE/CAPEC Program interviews Rich Piazza, the CAPEC Task Lead, about what Common Attack Pattern Enumeration and Classification (CAPEC™) is and the problem it aims to solve, who can benefit from CAPEC and how to leverage it, the role of the community, how CAPEC has evolved over time, and possibilities for the future.

    Resources mentioned in this episode:
    - CAPEC website - https://capec.mitre.org
    - CWE/CAPEC on Twitter - https://twitter.com/cwecapec

    What is CWE, Why is It important, and How Can it Help Me?

    Aug 5, 2021, 24:01


    Welcome to the inaugural episode of Out-of-Bounds Read, the CWE/CAPEC Program podcast! In episode 1, Steve Battista of the CWE/CAPEC Program interviews Steve Christey Coley, the CWE/CAPEC Program Technical Lead, about what Common Weakness Enumeration (CWE™) is and the problem it aims to solve, who can benefit from CWE and how to leverage it, the role of the community, how CWE has evolved over time, and possibilities for the future.

    Resources mentioned in this episode:
    - CWE/CAPEC on Twitter - https://twitter.com/cwecapec
    - CWE Submissions Form & Guidelines - http://cwedev1-mcl.mitre.org/communit...
    - Common Vulnerability Scoring System (CVSS) - https://www.first.org/cvss/
    - U.S. National Vulnerability Database's (NVD) CVSS calculator - https://nvd.nist.gov/vuln-metrics/cvss
