Full episode and show notes

Vulnerability Management, Zero trust, Security Architecture

You Can’t Defend What You Can’t Define – Sergey Bratus – PSW #816

As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulner...

February 7, 2024

Full Segment Notes

As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a hacker. That experience set him on his life’s mission to learn as much as he can about the vulnerabilities of software and hardware with the goal of learning how to best minimize or eliminate those vulnerabilities. Noting his embrace of the hacker community for its deep and innovative expertise in this context, Bratus’s portfolio at DARPA could help reduce or entirely remove even some of the most stealthy and unexpected vulnerabilities that reside in software and its logical, computational, and mathematical foundations. Segment Resources: • Overall Portfolio: https://www.darpa.mil/staff/dr-sergey-bratus • Safe Documents: https://www.darpa.mil/news-events/2023-06-14 • Enhanced SBOM for Optimized Software Sustainment: https://sam.gov/opp/d0af3e325a594a8191b94e3f80b6bdcd/view • V-SPELLS program: https://www.theregister.com/2023/08/18/darpalegacybinary_patching/ • Digital Corpora Project: https://www.jpl.nasa.gov/news/jpl-creates-worlds-largest-pdf-archive-to-aid-malware-research • SocialCyber: https://www.technologyreview.com/2022/07/14/1055894/us-military-sofware-linux-kernel-open-source/ • Weird Machines: https://www.darpa.mil/program/hardening-development-toolchains-against-emergent-execution-engines • Safe Docs: https://www.darpa.mil/news-events/2023-06-14 • Exploit programming: https://www.usenix.org/publications/login/december-2011-volume-36-number-6/exploit-programming-buffer-ove

Guest

DARPA Program Manager, Information Innovation Office at Defense Advanced Research Projects Agency (DARPA)

Dr. Sergey Bratus joined DARPA in January 2018 and, after a brief sabbatical, again in March 2022. His research interests include computer security and intrusion analysis.

Bratus joins DARPA from Dartmouth College, where he has worked since 2002, initially as a post-doctoral research associate and most recently as a research associate professor in the computer science department. He has made significant technical contributions in the area of language-theoretic security, which aims to eliminate broad classes of input-driven exploitable vulnerabilities. Bratus began his professional career at BBN Technologies, where he worked on natural language processing.

Bratus holds a Doctor of Philosophy degree in mathematics from Northeastern University. He has published over 100 technical papers, and his research has received several awards, most notably the 2012 Black Hat Pwnie award for Most Innovative Research. Bratus also earned best paper awards at the WOOT 2011, IJSSE 2010, and TRUST 2008 conferences.

Hosts

Announcements

Don’t let 3rd party risk ruin your Valentine’s Day! Join Adrian Sanabria and Bill Brenner on an SC Media webcast titled: Understanding third party risk by studying third party breaches. As listeners will know, Adrian loves exploring risk through our understanding of real breaches and incidents. They’ll discuss how to prepare for some of the most concerning third party risks you should be aware of, along with our partner for this webcast, ProcessUnity.

Visit securityweekly.com/ValentineRisk to register!

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.