Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space, and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

This episode has been added to the Podme service via an open RSS feed and is not Podme's own production. The episode may therefore contain advertising.

Episodes (527)

Episode 438 - CISA's bad OSS advice vs the White House's good advice

Josh and Kurt talk about two documents from the US government that discuss open source in very different ways. The CISA document lays out a way to measure open source, but we take issue with the idea ...

22 July 2024, 34 min

Episode 437 - CocoaPods and proper funding for open source

Josh and Kurt talk about a pretty big bug found in CocoaPods ownership. We also touch on a paper that discusses the technical debt that open source should have. We discuss what the long term sustainabi...

15 July 2024, 36 min

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They're quasi-related in the context of how two open source projects handled bugs very...

8 July 2024, 32 min

Episode 435 - polyfill.io - open source is too big to fix

Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now this. What does it mean for open source? We don't ...

1 July 2024, 38 min

Episode 434 - Unreported vulnerabilities and everyone is getting hacked

Josh and Kurt talk about three angles of responsibility. We start with a story about a bike theft ring; bike theft doesn't usually get any attention, but this one is special. Then we ask why it seems...

24 June 2024, 31 min

Episode 433 - Should OpenSSH block misbehaving clients?

Josh and Kurt talk about a new proposal from OpenSSH to add a timeout to penalize clients misbehaving. But this then brings up the typical security conversation of "if it's not perfect we shouldn't do...

17 June 2024, 31 min

Episode 432 - Flipper Zero with Alex Kulagin

Josh and Kurt talk to Alex Kulagin from Flipper about the Flipper Zero. It's one of the coolest hacker devices that exists on the market. We talk about what it is, how it started, what it can (and can...

10 June 2024, 33 min

Episode 431 - Redirecting HTTP to HTTPS

Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is however a lot of baggage in this space as you'll he...

3 June 2024, 32 min