The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations. We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities. The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives. Costin Raiu is on vacation. Links: Transcript (unedited, AI-generated)Qualys: Remote Unauthenticated Code Execution in OpenSSH CSRB report on Microsoft hackCISA secure-by-design pledgeCCC Talk: Operation Triangulation Lawfare: Responsible Cyber OffenseGoogle: Stop Burning Counterterrorism OperationsFollow Dave Aitel on TwitterJ. A. Guerrero-Saade on TwitterCostin Raiu on TwitterFollow Ryan Naraine (@ryanaraine) on TwitterLABScon - Security Research in Real Time