Keeping Track Of Vulnerabilities With CVEs

Every lock has its weakness. That applies to the world of IT security—and any one piece of software can have multiple vulnerabilities. Code changes. Stacks evolve. The potential for incursions keeps growing. How can anyone keep track of it all? Enter the Common Vulnerabilities and Exposures Program. Jeremy West, Senior Manager of Product Security Engineering at Red Hat, walks us through the CVE tracking and remediation process—and explains why having a common standard is vital for everyone's security.

What happens when the encryption protecting the world’s most sensitive data is broken? As quantum computing advances, the standard algorithms we use for banking, healthcare, and government operations are facing an existential threat. Red Hat Distinguished Engineer Simo Sorce breaks down the real-world implications of post-quantum security threats, and how the IT industry is shifting toward quantum-resistant services.

With AI, traditional security methods don’t apply. Conventional defenses and ways of thinking cannot account for the myriad of attack vectors an AI model can present to a nefarious actor. Red Hat Principal Product Security Engineer Huzaifa Sidhpurwala breaks down the emerging security frameworks designed for the AI era, and tells us why complacency is (still) the weakest point when securing systems.

The relationship between data and AI is...complicated. AI is built on data. It often needs more. A wealth of data can make AI strong. But it can also be a weakness. Clarence Clayton, Director of Global Privacy + AI Risk and Compliance at Red Hat, helps us understand the increasingly complex interplay between data and AI—because the flow of information isn't a one-way street.

They say "data is king." From secret recipes to performance metrics and beyond, organizations use mountains of data every day. It's important to keep that data safe from scammers, the competition, or anyone else who could misuse it. Securing that data isn't easy. Clarence Clayton, Director of Global Privacy + AI Risk and Compliance at Red Hat, lays out the foundations of data security. He covers what needs to be protected and explains some of the basic principles you should follow to keep data thieves out of your database.

The rapid adoption of AI often means security is an afterthought. And let's face it—humans are not always great at assessing risk. But how has AI transformed the security landscape? What can the industry do to stay informed and ready to respond to threats? And what does this mean for product security?Jeff Crume, distinguished engineer at IBM, stops by to talk about AI as "the new attack surface", and explains why the technology, like so many others, can be used for both altruistic and malicious intentions.

Our trust in the internet is the lowest it’s ever been. In spite of our vigilance, we face more threats than ever before. Product security is a vital element in the defense against malicious incursions. This season of Compiler covers the particulars of product security. With some help from Emily Fox, Portfolio Security Architect at Red Hat, our hosts kick off the season with a simple question: What is product security?

Phishing. DDoS attacks. Social engineering. These are not new terms if you know anything about cybersecurity. But emerging technologies are making these well-known methods of attack easier than ever. Bad actors are paying attention—and they are leveling up their skills accordingly. It isn’t just cybersecurity professionals who have to be aware and responsive– people working in product security are a part of the effort, too. What do they need to know to respond to these newer attacks? This season, hosts Emily Bock and Vincent Danen will dig into how the security landscape has changed, and how IT professionals can work together to prevent and prepare for whenever, wherever, and however threats emerge.

Sure, AI has made a splash. And it's on us to level up, learn the ropes, and roll with it. But how do we even do that? And what cool human stuff might we accidentally ditch along the way?The Compiler team ends the season discussing the importance of context, creativity, and applied knowledge.

Agentic AIs are showing promise for tedious work. But it’s hard to explain exactly how you want it done—and getting it wrong could create big problems. This episode of Compiler investigates how Agentic AIs could carry out their tasks and how some agents are taking their baby steps in the wide world. The team also considers the difficulties humans have expressing what we want computers to do for us, and how that could create unintended consequences.