

PP057: Behind the Scenes At Cisco: PSIRT, AI, CVEs, and VEX
Apr 8, 2025
Omar Santos, a Distinguished Engineer at Cisco with 16 years leading PSIRT, shares insights on cybersecurity challenges at Cisco. He discusses the intricacies of identifying security bugs across the company's vast product portfolio and the critical integration of AI in vulnerability management. The conversation delves into the synergy between Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX), highlighting a shift towards automated vulnerability tracking. Omar also emphasizes the growing sophistication of cyber threats and the importance of transparency in communication about vulnerabilities.
Omar's Journey
Omar Santos joined Cisco right after serving in the Marine Corps. He has been with the company for over 25 years, highlighting his deep commitment to cybersecurity.
The Nature of Vulnerabilities
Vulnerabilities are not limited to first-party software; open-source components also pose risks. The focus should shift toward understanding and managing vulnerabilities across all software.
Vulnerability Disclosure
Disclose vulnerabilities immediately when there's public knowledge of exploitation, even if no fix is available. This transparency aids in risk awareness for organizations.