Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

<p>We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be.</p> <p>Segment Resources:</p> https://www.lacework.com/blog/introducing-a-new-approach-to-code-security/ <p>LLMs improve fuzzing coverage, the Shim vuln threatens Linux secure boot, considering AI application threat models, a new language for a configuration file format, and more!</p> <p>Visit https://www.securityweekly.com/asw for...