Exploring Common Weakness Enumeration (CWE) and Software Vulnerabilities

Get the app

Llama 3 is Here, Spending Time on Environmental Setup and More

Coding Blocks

chevron_right

notes

CHAPTER

Exploring Common Weakness Enumeration (CWE) and Software Vulnerabilities

The chapter discusses the concept of CWE and its role in identifying software weaknesses, comparing it to OWASP while highlighting the differences in their approaches. It delves into specific vulnerabilities like buffer overflows, out-of-bounds errors, and high-risk weaknesses. The conversation also includes practical tips on using grep commands in Unix and a 'tip of the week' feature on a desktop recording utility.

00:00

Transcript

chevron_right

Play full episode

chevron_right

Transcript

Episode notes

In this episode Joe introduces us to more security items you should be aware of in the world of CWE’s, Michael bends to the will of Joe and Allen in his favorite portion of the show, and Allen pontificates on the time spent setting up IDE’s and environments.

Reviews – Thank You!

iTunes: Vlad Bezden, Mom in VA, Make1977
Spotify: chutney3000, Xuraith

Upcoming Events

Atlanta Dev Con
September 7th, 2024
https://www.atldevcon.com/

Topics

Open Telemetry

The backend matters
https://opentelemetry.io/ecosystem/integrations/
- Some backends are more fully featured than others
  - Splunk Trace Analyzer
    https://docs.splunk.com/observability/en/apm/apm-spans-traces/trace-analyzer.html
  - Google Trace Explorer
    https://cloud.google.com/trace/docs/finding-traces
  - Azure OTel Guide
    https://learn.microsoft.com/en-us/azure/azure-monitor/app/opentelemetry-enable?tabs=aspnetcore
  - AWS OTel Information
    https://aws.amazon.com/otel/
The processor can decouple you
https://opentelemetry.io/docs/collector/configuration/#processors

CNCF – Cloud Native Computing Foundation

If you’re working in a cloud environment, you should know the projects here
https://www.cncf.io/projects/
Super cool visualization tool for the projects
https://landscape.cncf.io/

Llama 3 – the next version of Meta’s AI engine

“Now available with both 8B and 70B pretrained and instruction-tuned versions to support a wide range of applications”
https://llama.meta.com/llama3/

Environmental concerns over the processing required for AI

Power requirements for processing some of the LLM’s
https://www.nnlabs.org/power-requirements-of-large-language-models/
The Microsoft underwater datacenter
https://news.microsoft.com/source/features/sustainability/project-natick-underwater-datacenter/

Setting up IDE’s and environments

IDE vs old school debugging
Setup can require a significant amount of time
- Is it worth it?
- What if you’re just working on a bug?

Security Resources

What’s the difference between CWE and OWASP?
CWE (Common Weakness Enumeration) is a community-developed list of common software and hardware weaknesses.
- It’s similar to OWASP, but older (1999 vs 2001) and more general – including non web apps and (more recently) hardware
The infamous “NVD” database links CVE (Common Vulnerabilities and Exposures) to CWE
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://cwe.mitre.org/top25/archive/2023/2023_trends.html

Tips

Pre-warning – probably wouldn’t recommend installing this!

Saw a cool Windows utility called “Windrecorder” that records video and text from your desktop, and lets you rewind and search.

Uses ffmpeg to record screen into small 15-minute fragment files
Search(by window titles, text keywords, or descriptions of images)
Everything happens should only on your computer
Cons: No instant rewind (have to be out of the window), Storage is unencrypted, Not much LLM / ML fancy stuff…and security
https://tonoko.notion.site/I-made-an-open-source-app-to-rewind-search-everything-happened-on-your-screen-on-Windows-184d1a9d5edb494dba0c2f46d311ec5c
https://github.com/yuka-friends/Windrecorder

MacOS’s Spotlight is more powerful than you maybe knew
https://www.intego.com/mac-security-blog/spotlight-secrets-15-ways-to-use-spotlight-on-your-mac/
https://beebom.com/spotlight-tips-tricks/

If you’re grep command isn’t working like you thought it should, you might be a victim of content getting kicked out of the buffer
grep --line-buffered

iOS – get text from images
https://support.apple.com/guide/iphone/use-live-text-iphcf0b71b0e/ios

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Home Top podcasts Popular guests