Episode 239 - AppSec Intel, CVEs, Authorization

When Ken is away, the geeks will play. Seth is joined by podcast regular Stefan Edwards (@lojikil) to catch up on his recent work around threat hunting. This progresses into a discussion on threat intelligence and what is available for applications. A recent blog post on the utility of the CVE system spurs thoughts on the usefulness of published CVEs. Finally, opinions fly on authorization issues and how simple misconfigurations result in the many vulnerabilities or attack chains.