Risky Biz Soap Box: How to measure vulnerability reachability

Update: 2025-08-14

Description

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.

Show notes

Comments

In Channel

Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup"

2025-09-0301:01:55

Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy

2025-08-2753:32

Wide World of Cyber: Microsoft's China Entanglement

2025-08-2545:43

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs

2025-08-2058:28

Risky Biz Soap Box: How to measure vulnerability reachability

2025-08-1435:48

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

2025-08-1301:00:00

Risky Business #801 -- AI models can hack well now and it's weirding us out

2025-08-0601:06:01

Soap Box: Why AI can't fix bad security products

2025-08-0137:11

Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP

2025-07-3053:37

Risky Business #799 -- Everyone's Sharepoint gets shelled

2025-07-2301:13:55

Risky Biz Soap Box: Prowler, the open cloud security platform

2025-07-1432:08

Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

2025-07-0201:02:19

Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

2025-06-2501:02:16

Risky Business #796 -- With special guest co-host Chris Krebs

2025-06-1801:01:04

Soap Box: AI has entered the SOC, and it ain't going anywhere

2025-06-1630:58

Risky Business #795 -- How The Com is hacking Salesforce tenants

2025-06-1101:07:34

Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242

2025-06-0458:22

Risky Business #793 -- Scattered Spider is hijacking MX records

2025-05-2801:04:52

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now

2025-05-2153:01

Risky Biz Soap Box: Push Security's browser-first twist on identity security

2025-05-1534:24

00:00

Risky Biz Soap Box: How to measure vulnerability reachability

#box-pro-ellipsis-175721907463388{-webkit-line-clamp:2;}Risky Biz Soap Box: How to measure vulnerability reachability

Show notes

Risky Biz Soap Box: How to measure vulnerability reachability

Risky Biz Soap Box: How to measure vulnerability reachability