A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range...
Episode 456 - What if XZ happened to a company? The openness of open source
Josh and Kurt embark on a thought experiment to discuss how a commercial entity would handle something like the xz incident. It was very specific and difficult to understand. It's easy to claim just because source code being available doesn't matter. But the reality is when source code is needed, it can make a huge difference for everyone working together, just like we saw with xz. Show Notes Lindt admits chocolate may not be ‘expertly crafted’ in class-action lawsuit battle Mitchell & Webb - Needlessly ambiguous terms
--------
33:42
Episode 455 - Wordpress plugin security
Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and more. Show Notes Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch Kurt's Plugin
--------
35:38
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is no lost! There's some great ideas on what the future needs to look like. Show Notes Donald Fischer Brian Fox Tidelift Sonatype The 2024 Tidelift state of the open source maintainer report Sonatype State of the Software Supply Chain Anchore 2024 Software Supply Chain Security Report OpenSSF TAC issue 101
--------
43:13
Episode 453 - Software Liability
Josh and Kurt talk about three government activities happening around security. CISA has a request for comment, and an international strategic plan around cybersecurity. These are both good ideas, and hopefully will help drive change. But we also discuss an EU proposal that brings liability rules to software which sounds like a great way to force change to happen. Show Notes Request for Comment on Product Security Bad Practices Guidance FY2025-2026 CISA International Strategic Plan EU brings product liability rules in line with digital age and circular economy CSA Cloud Controls Matrix
--------
36:28
Episode 452 - All about Meshtastic
Josh and Kurt talk about the Meshtastic open source project. It's a really slick mesh radio system that runs on very cheap radio equipment. This episode isn't very security related (there are a few things), but it is very open source. Show Notes Meshtastic Heltec LoRa 32(V3) Radio 465 Rutgers University Confirmed: Meshtastic and LoRa are dangerous Meshtastic Routing Issues & Deployment Scenarios TC2-BBS-mesh The Comms Channel Josh's BBS Heltec T114 bug
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Polska