E06: Best practices for containers

When is a best practice not a best practice? Sadly, often when we talk about containers. Containers had a very simple promise: better security through discrete process isolation. One process or application per container. What have we done? Crammed as many things as possible into a container to run together, so we’ve basically turned containers into lightweight virtual machines. When did this happen? Why? And how can we realize the promise of better security using containers the way they were designed to be used? It starts by understanding what they are, and why a vulnerability in a properly-designed container is so …


E05: Open source maintainers are a security problem?

How dire is the state of security when it comes to open source, particularly the “problem” of maintainers? It’s a tricky situation given all that’s going on. There’s developer burnout, the lack of gratitude (and funding) from end users, and ever-increasing demands for regulation and secure development. It sounds like a kettle that’s starting to boil over, but perhaps it isn’t all doom and gloom — if we can move forward properly.


E04: Tracking AI safety issues

Date   Mar 01, 2025    Tags   ai safety

When it comes to tracking security issues, we’ve had over two decades of process and experience. People know what to expect when it comes to tracking security issues and entire ecosystems have sprung up around vulnerability management. Vincent Danen and Huzaifa Sidhpurwala discuss this for AI, and in particular AI safety. AI security may be fairly straightforward, but safety isn’t the same as security even though they’re similar. What might the future of AI safety tracking look like?


E03: Security is hard for everyday people

Date   Feb 20, 2025    Tags   phishing

Security is hard for the professionals, and it’s even harder for the everyday people who live and work around us, those who are more often than not likely to be the victims of malicious attacks. Vincent Danen convinced his wife Angela to come on and talk about a recent incident that happened to her. They also discuss some of the dangers and pitfalls that exist for the everyday people around us and, perhaps, ways we can make things easier.


E02: AI safety and security

Date   Feb 15, 2025    Tags   ai safety

The future is clearly AI. Take a look around and you see it everywhere! Yet, there are a lot of unknowns — things we’re just starting to figure out. Concepts like security in IT are fairly well established, but what do they mean for AI? What about safety? Are the two the same? Florencio Cano Gabarda and Vincent Danen talk about some of the questions and concerns around AI safety and security.


E01: CVSSv4 and why it matters

Date   Feb 15, 2025    Tags   cvss

In the first episode of Security Unscripted, Austin Kimbrell and Vincent Danen talk about some of the changes in CVSSv4 and why they matter as well as some of the challenges the security community at large has with the current use of CVSS, some challenges with respect to adoption, and just how many people still use CVSSv2 (even though CVSSv3 came out almost a decade ago!).


Welcome to Security Unscripted

Date   Feb 14, 2025   

“Security Unscripted” is a new podcast for insightful, no-nonsense discussions on the ever-evolving world of cybersecurity. In each short, engaging episode, we’ll dive into a variety of security topics, shining a light on challenges and opportunities that impact us all.
