Paul's Security Weekly (Audio)

Its Not Really A 0-Day - PSW #866

Mar 20, 2025
Dive into the fascinating world of cybersecurity myths, where the truth about zero-day vulnerabilities is unraveled. Discover the risks of supply chain attacks on GitHub Actions and the pressing need for robust security measures. The conversation also highlights the significance of contextual vulnerability management and the complexities of compliance in evolving tech landscapes. Enjoy humorous anecdotes about challenges in the tech realm, along with insights on transitioning to Linux and the implications of IoT security vulnerabilities.
ANECDOTE

Trolling Microsoft With A Video

  • Will Doman made a 14-minute screenshot video to troll Microsoft when they asked for a video demonstration.
  • Paul and the panel sided with Doman's frustration over Microsoft's request.
INSIGHT

Make Disclosures Easy To Reproduce

  • Vendor–researcher friction often stems from poor disclosure context and reproduction details.
  • Researchers should include clear executive summaries to speed vendor validation and remediation.
INSIGHT

Crawlers Need Responsible Data Feeds

  • AI-augmented crawlers can speed data harvesting but create a crawler arms race with site owners.
  • Publishing structured feeds (RSS/JSON) avoids abusive scraping and eases legitimate indexing.