NB523: CVE’s Reprieve, Google WAN For Sale, NVIDIA Pledges More US-Made Chips
Apr 21, 2025
auto_awesome
Jeremy Rosbach, Chief Technical Evangelist at Broadcom, dives into pressing cybersecurity shifts, spotlighting the CVE program's funding struggles and the implications of its future. He discusses Google’s new Cloud WAN service and reveals a critical vulnerability in D-Panel. The conversation also explores NVIDIA's response to geopolitical pressures in semiconductor manufacturing and the vital role of network observability in optimizing AI performance. Together, they unpack the emerging challenges in managing network infrastructures amid IT shortages.
The CVE program, vital for cybersecurity, faced funding challenges but secured an extension from CISA while a new foundation is established.
Google's rollout of its Cloud WAN service allows businesses to connect securely to Google Cloud and third-party services, raising privacy concerns.
NVIDIA's commitment to building U.S. manufacturing plants for advanced chips signals a significant shift towards onshoring tech production amidst complex global supply chains.
Deep dives
CVE Program's Funding Crisis
The CVE program, crucial to cybersecurity efforts, faced a potential funding crisis when a leaked memo revealed that government support was set to expire. This raised concerns within the cybersecurity community about the implications for information security operations that rely on the CVE database. In response to the alarmed reaction, CISA announced an extension of MITRE's funding for another 11 months, while the CVE program board initiated the establishment of the CVE Foundation to ensure its long-term viability. The foundation aims to secure independence from government funding, although details on its operation and future funding sources remain unclear.
Google's Cloud WAN Expansion
Google has introduced its Cloud WAN service, enabling enterprises and governments to connect their networks to Google Cloud and other third-party clouds, including AWS and Azure. This service offers features such as cross-site interconnect, which allows for layer 2 connections between on-premises data centers, and Google’s premium tier network that facilitates connections from branch and edge locations. While this initiative makes sense for Google to monetize its infrastructure, there are concerns regarding the company's lack of regulation compared to traditional telecommunications providers, which could impact user data privacy. Organizations considering this service are advised to consult their legal teams regarding potential risks associated with data handling.
NVIDIA's Manufacturing Plans
NVIDIA has announced plans to build factories in the U.S. for manufacturing supercomputers and chips, including the new Blackwell chips, in collaboration with partners like Foxconn and Wistron. This initiative aligns with a broader trend of onshoring strategic manufacturing capabilities in the U.S., as supported by both current and previous administrations. However, reports indicate that some advanced manufacturing processes for these chips may still need to take place in Taiwan, highlighting the complexities of global supply chains. The anticipated production of up to half a trillion dollars worth of AI infrastructure over the next four years underscores the growing demand for advanced computing power in the U.S.
Cato Networks Introduces Shadow AI Detection
Cato Networks has enhanced its CASB services with new features for shadow AI detection, allowing organizations to monitor and manage employee access to various AI applications. This addition enables companies to enforce usage policies and manage which AI tools can be utilized, aiming to mitigate risks associated with sensitive data leaks. By recognizing over 950 generative AI applications, Cato's platform not only helps in compliance but also in controlling application access. This proactive approach reflects the increasing concerns regarding the misuse of AI tools within corporate environments and emphasizes the need for effective cybersecurity measures.
Updates to SSL/TLS Certificate Lifespan
A decision has been made to reduce the lifespan of SSL/TLS certificates from 398 days to a mere 47 days by March 2029, with incremental reductions occurring over the next few years. This move aims to decrease risks associated with outdated certificates and compromised credentials while encouraging the adoption of automated renewal processes. The initiative is supported by major organizations in the tech industry, including Apple and Google, and seeks to improve overall security standards in internet communications. The gradual timeline allows organizations time to adapt to this change, emphasizing the urgent need for automated solutions in certificate management lifecycles.
Take a Network Break! We start with a red alert for the CVE program, which nearly lost government funding before CISA stepped in, and then raise an alert for a Dpanel vulnerability. Google makes its Cloud WAN available to enterprises and governments that want connectivity options, a US District Court rules Google’s ad business a... Read more »
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
