Explore a rapid response approach to neutralizing software vulnerabilities through Security Workarounds for Rapid Response (SWRRs) in this 20-minute IEEE conference talk. Learn how SWRRs leverage existing error-handling code to mitigate security risks during the window between vulnerability discovery and patch release. Discover the Talos system, which automatically instruments SWRRs into applications, and examine its effectiveness across five popular Linux server applications. Analyze the potential of SWRRs to safely mitigate 75.1% of vulnerabilities while maintaining functionality comparable to traditional configuration workarounds. Gain insights into static code analysis, deployment modes, and the challenges and advantages of this innovative security approach.
Talos - Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Overview
Syllabus
Intro
Prepatch Window
Bug Reports
Workarounds
Configuration workarounds
Objectives
Deployment modes
Challenges
Advantages
Static Code Analysis
Security
Courage
Average Talos
Conclusion
Interview
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
DevSecOps Fundamentals
-
Bugs Ruin Everything - Keynote on Vulnerability Analysis and Exploitation
-
The Attack of the Clones - A Study of the Impact of Shared Code on Vulnerability Patching
-
Are We Forever Doomed to Software Supply Chain Security?
-
Introduction to Inner-Loop Security - Shifting Left, but Better
-
Adventures in Reviewing Mountains of Code
