Talk | Advanced | 10:20 - 10:50 | August 10, 2025

Moshe Siman Tov Bustan

Liad Cohen

A deep dive into real-world, high-profile CVEs exposes a critical pitfall in AppSec: treating every high-severity vulnerability as urgent without understanding its exploitability and business impact. We'll analyze cases where CVEs are labeled as critical but were originally exploited in different environments, and are often found in widely shared kernel code that turned out to be nearly impossible to exploit on cloud containers. By dissecting CVE patches and tracing fix propagation and attack vectors across platforms like Android, Chrome, and cloud containers, we'll reveal how misinterpreting CVE context leads to wasted triage cycles, unnecessary fixes, and security teams chasing irrelevant threats.

Moshe Siman Tov Bustan

Security Researcher @OX Security

Moshe is a Senior Security Researcher at OX Security, a company specializing in software supply chain security, and has worked in the security industry for 13 years. His work spans cloud security research, container security, memory forensics, and an in-depth understanding of programming languages. He also has extensive experience in mobile security, including iOS and Android research, deep analysis of Android malware, sandboxing, and memory forensics.

Beyond security research, Moshe has published multiple "Can It Run Doom?" projects online, and is also a professional guitarist in a progressive metal band.


Liad Cohen

Security Research Team Lead, OX Security

Liad Cohen is a Security Research Team Lead and a Data Scientist at OX Security. His day-to-day work involves empowering open source security and code security with AI capabilities, developing innovative data-driven AppSec detection systems from ideation to PoCs to production, and making the product roadmap a reality, backed by deep, pioneering security research. He started his career as a young "script kiddie", later becoming a gifted mathematician. Liad holds a Master of Science degree in Computer Science. He is a mentor in hackathons and CTFs, has published academic papers and articles in security journals, and has presented state-of-the-art security research at Black Hat USA, RSA Conference, OWASP Global and others.