Paul's Security Weekly (Audio)

It's Not Really A 0-Day - PSW #866

Mar 20, 2025
This episode unpacks cybersecurity myths, starting with what actually counts as a zero-day vulnerability. It covers the risk of supply chain attacks on GitHub Actions and the need for robust security measures, the importance of contextual vulnerability management, and the complexities of compliance in an evolving tech landscape, along with humorous anecdotes about challenges in the tech realm, insights on transitioning to Linux, and the implications of IoT security vulnerabilities.
INSIGHT

Storytelling Sells Security

  • Great cybersecurity marketing draws you in with a strong hook and narrative like 'Gapsville' did.
  • Good storytelling makes skills-gap issues accessible and memorable.
ADVICE

Document Compensating Controls

  • If a vendor has no patch, document compensating controls like increased monitoring and logging.
  • Use that documentation to demonstrate risk management to auditors and regulators.
INSIGHT

Prioritize By Attacker Path

  • Prioritize vulnerabilities by attacker path and exposure rather than blanket patching.
  • Focus first on services and interfaces attackers can reach, then lower-priority firmware issues.