Unlocking the Secrets of Formal Verification in WebAssembly | Ep 19 | WebAssembly Unleashed
Join hosts Joel Moses, Oscar Spencer, and Matt Yacobucci as they dive deep into the world of formal verification with special guest Chris Fallin. In this episode of WebAssembly Unleashed, the team discusses the importance of formal verification in software development, particularly for WebAssembly. Chris, a co-author of the Cranelift compiler and Mozilla alum, explains the concept of formal verification, its significance, and how it can be applied to ensure software correctness and security. The conversation covers a range of topics including type safety, the use of SMT solvers, the challenges in formally verifying compilers, and the potential role of AI in generating formally verified code. Don't miss this insightful discussion if you're keen to learn about cutting-edge techniques to make software more reliable and secure.
00:00 Welcome to WebAssembly Unleashed
00:57 Community Updates
01:41 Guest Introduction: Chris Fallin
02:18 What is formal verification and why is it important?
03:10 Formal Verification in WebAssembly
06:28 Challenges and Real-World Applications
07:52 Tools and Techniques for Verification
20:22 Future Directions and Broader Implications
28:21 AI and Formal Verification
30:44 Lack of Formal Verification Consequences
Did you miss the WebAssembly Unleashed episode 16 with Bruce Gain? Check it out here: https://youtu.be/Gjd8l1Sz9qY?si=QGixwObXJgvex9DS
For more from F5's Office of the CTO visit the following sites:
Blogs - https://www.f5.com/company/octo
Reports - https://www.f5.com/services/resources/reports
Meet Your Hosts:
Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372
Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/
Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/
--------
32:12
--------
32:12
WebAssembly's SpecTec | Ep 18 | WebAssembly Unleashed
Joins hosts Joel Moses and Oscar Spencer as they delve into the world of WebAssembly with special guest Andreas Rossberg, co-designer of the WebAssembly specification. Andreas shares insights on SpecTec, a domain-specific language designed to streamline and verify the WebAssembly specification. The discussion covers the evolution of SpecTec, its impact on WebAssembly proposals, and future possibilities for its application. Additionally, Andreas discusses his background in functional programming, challenges in compiler development, and the surprising uses of WebAssembly in the tech ecosystem. Whether you're a novice or a seasoned developer, this episode offers a comprehensive look into the future of WebAssembly and its growing influence in technology.
Chapters:
00:00 Welcome to WebAssembly Unleashed
01:20 Exciting WebAssembly Developments
02:34 Special Guest: Andreas Rossberg
04:35 Functional Programming Insights
11:37 WebAssembly Specification and SpecTec
22:02 Test Matrix Generation for WebAssembly
23:49 Will SpecTec make WebAssembly proposals move any faster?
24:57 Reference Interpreter and Meta Interpreter
27:56 SpecTec's Potential Applications
30:54 Comparing SpecTec with Other Tools
32:34 Motivation and Commitment to WebAssembly and SpecTec
36:10 Surprising Uses and Future of WebAssembly
39:38 What area should the WebAssembly community work on next?
For more from F5's Office of the CTO visit the following sites:
Blogs - https://www.f5.com/company/octo
Reports - https://www.f5.com/services/resources/reports
Meet Your Hosts:
Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372
Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/
Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/
--------
42:43
--------
42:43
AI, Red Teaming, and Post-Quantum Cryptography: Key Insights from RSA 2025
Join Aubrey and Byron at RSA Conference 2025 as they dive into transformative topics like artificial intelligence, red teaming strategies, and post-quantum cryptography. From exploring groundbreaking OWASP sessions to analyzing emerging AI threats, this episode highlights key insights that shape the future of cybersecurity. Discover the challenges in red team AI testing, the implications of APIs in multi-cloud environments, and how quantum-resistant cryptography is rising to meet AI-driven threats. Don't miss this exciting recap of RSA 2025!
00:00 Introduction
00:47 Personal Conference Highlights
03:07 PQC Meanderings
05:44 AI Red Teaming
11:21 OWASP Compass / CISO Checklist
13:03 A Prompt Injection Tale
14:03 Protect Your System Prompts
15:00 Beyond The Hype Cycle?
17:17 From The Show Floor
19:03 Dreadnode Dyana Sandbox
21:35 More From The Floor
22:53 Deepfakes
25:38 The Allure Of Using Obvious AI
26:22 Gonna Take Crucible For A Spin
27:12 Final Conference Thoughts
30:45 Outro
--------
31:36
--------
31:36
Tackling CVE Chaos, Parquet Tool Insights, and EU Cyber Resilience Act Unpacked
🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including:
💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it.
🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues.
Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065
🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives.
Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights!
✅ Like, subscribe, and follow to keep up with the latest in application security.
00:00 Introduction
02:20 Parquet Tool
06:30 VulnCon 2025
09:09 EU Cyber Resilience Act
16:45 CVE Program Chaos
20:29 Pay Your Tolls!
27:17 SAP Critical Vulnerability
29:18 Outro
--------
30:46
--------
30:46
LLMs And Trust, Google A2A Protocol And The Cost Of Politeness In AI: AI Friday
It's AI Friday and we're diving into the world of artificial intelligence like never before! 🎩 On this Hat Day edition (featuring NFL draft banter), we discuss fascinating topics like LLMs (Large Language Models) and their trust—or lack thereof—in humanity, Google's innovative Agent-to-Agent (A2A) protocol, and how politeness towards AI incurs millions in operational costs. We also touch on pivotal AI conversations around zero trust, agentic AI, and the dynamic collapse of traditional control and data planes.
Join us as we dissect how AI shapes the future of human interaction, enterprise-level security, and even animal communication. Don't miss out on this engaging, informative, and slightly chaotic conversation about cutting-edge advancements in AI. Remember to like, subscribe, and share with your community to ensure you never miss an episode of AI Friday!
00:00 Introduction
02:23 What Do LLMs Think Of Us?
15:26 At What Cost, Politeness?
25:33 Google Agent2Agent Protocol
35:57 Outro
DevCentral is F5's online Community of Technical Peers dedicated to learning, exchanging ideas, and solving problems – Together.
We host audio podcasts created by our Community, for our Community.
Netherlands