“Trying to chase one bug at a time” isn’t a cybersecurity strategy, as anyone who has tried to keep up with patch cycles can tell you. Recently, Joe Saunders and Doug Britton joined Paul Ducklin on Exploited: The Cyber Truth for a conversation on what Claude Mythos...
AI is changing the speed and scale of vulnerability discovery. With Anthropic’s Claude Mythos showing how quickly AI can uncover vulnerabilities and zero days, product security teams are facing a new reality: the time between finding a vulnerability and turning it...
Open source software is deeply woven into modern embedded development. From compilers and build systems to networking stacks and device libraries, it enables teams to move faster and innovate more efficiently. But speed introduces tradeoffs. The same open source...
If you’ve ever run an SBOM tool on a C/C++ codebase and gotten results that felt wrong, you’re not imagining it. Teams evaluating tools like Black Duck, Syft, Trivy, and FOSSA on embedded projects routinely find that outputs are incomplete, inconsistent,...
If you’re running a proof of concept on Software Bill of Materials (SBOM) tooling for C/C++, you’ve probably already discovered that vendor demos don’t tell you much. Tools that look capable in a sales presentation frequently fall apart when pointed...
How do you protect critical infrastructure—the systems that keep the lights on, water flowing, and communities functioning—from threats that span cyberspace, geopolitics, and emerging technology? That’s the question host Paul Ducklin explored with Joseph M. Saunders,...