A RASP Journey To Level 1 Device Security
Shane Fry
S4x24 - ICS Security Conference · Day 3 · Stage 2
Shane Fry's talk, "A RASP Journey To Level 1 Device Security," delivered at S4, starkly illuminated the escalating crisis of memory safety vulnerabilities, particularly within the **Operational Technology (OT)** and **Industrial Control Systems (ICS)** domains. Fry presented a sobering analysis, demonstrating that despite advancements in secure software development lifecycles, these critical flaws are not only persisting but growing in number and impact. The core message is clear: existing defensive strategies—ranging from static and dynamic analysis tools to software bill of materials (SBOMs) and even next-generation programming languages—are proving inadequate against the relentless tide of memory safety exploits in systems that underpin critical infrastructure.
AI review
Fry's talk delivers a sobering, data-backed indictment of the cybersecurity state within Operational Technology and Industrial Control Systems. He meticulously dissects the escalating, intractable problem of memory safety vulnerabilities, exposing the critical failures of traditional defensive strategies—from inadequate scanning tools to glacial patching cycles. The core argument for Runtime Application Self-Protection (RASP) as an essential, immediate last line of defense for these critical brownfield environments is compelling and well-supported by hard data, making this a vital call to…