Tag: software vulnerabilities
-
Google Online Security Blog: Leveling Up Fuzzing: Finding more vulnerabilities with AI
Source URL: http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html Source: Google Online Security Blog Title: Leveling Up Fuzzing: Finding more vulnerabilities with AI Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses significant advancements in automated vulnerability discovery utilizing AI, specifically highlighting the OSS-Fuzz project’s recent successes with AI-powered fuzzing, which led to the identification of critical vulnerabilities, including…
-
The Register: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
Source URL: https://www.theregister.com/2024/11/20/google_ossfuzz/ Source: The Register Title: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed Feedly Summary: OSS-Fuzz is making a strong argument for LLMs in security research Google’s OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities,…
-
Alerts: 2024 CWE Top 25 Most Dangerous Software Weaknesses
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses Source: Alerts Title: 2024 CWE Top 25 Most Dangerous Software Weaknesses Feedly Summary: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical…
-
NCSC Feed: The leaky pipe of secure coding
Source URL: https://www.ncsc.gov.uk/blog-post/leaky-pipe-secure-coding Source: NCSC Feed Title: The leaky pipe of secure coding Feedly Summary: Helen L discusses how security can be woven more seamlessly into the development process. AI Summary and Description: Yes Summary: The text emphasizes the necessity of accepting software vulnerabilities as an inherent risk while promoting a developer-centered approach to security.…
-
Schneier on Security: AIs Discovering Vulnerabilities
Source URL: https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html Source: Schneier on Security Title: AIs Discovering Vulnerabilities Feedly Summary: I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very…
-
Hacker News: Using Large Language Models to Catch Vulnerabilities
Source URL: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Source: Hacker News Title: Using Large Language Models to Catch Vulnerabilities Feedly Summary: Comments AI Summary and Description: Yes Summary: The Big Sleep project, a collaboration between Google Project Zero and Google DeepMind, has successfully discovered a previously unknown exploitable memory-safety vulnerability in SQLite through AI-assisted analysis, marking a significant advancement in…
-
The Register: Socket plugs in $40M to strengthen software supply chain
Source URL: https://www.theregister.com/2024/10/22/socket_slurps_40m_to_secure/ Source: The Register Title: Socket plugs in $40M to strengthen software supply chain Feedly Summary: Biz aims to scrub unnecessary dependencies from npm packages in the name of security Security-focused developer Socket announced on Tuesday it has connected with another $40 million in funding to further its efforts to safeguard the software…
-
Cloud Blog: We tested Intel’s AMX CPU accelerator for AI. Here’s what we learned
Source URL: https://cloud.google.com/blog/products/identity-security/we-tested-intels-amx-cpu-accelerator-for-ai-heres-what-we-learned/ Source: Cloud Blog Title: We tested Intel’s AMX CPU accelerator for AI. Here’s what we learned Feedly Summary: At Google Cloud, we believe that cloud computing will increasingly shift to private, encrypted services where users can be confident that their software and data are not being exposed to unauthorized actors. In support…