Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

This episode has been added to Podme via an open RSS feed and is not Podme's own production. The episode may therefore contain advertising.

Episodes (528)

Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things

Josh and Kurt talk about how terrible daylight savings is, GitHub yanking some exploit code, and the Linux Foundation's new project to sign all the things. Show Notes Researcher Publishes Code to Explo...

22 March 2021, 32 min

Episode 262 - A discussion with Loris and Pop from Sysdig

Josh and Kurt talk to Loris Degioanni and Dan from Sysdig. Sysdig are the minds behind Falco, an amazing open source runtime security engine. We talk about where their technology came from, their huge ...

15 March 2021, 31 min

Episode 261 - DWF is back! Welcome to community powered CVE

Josh and Kurt talk about DWF. It's back and the intention is to have real community driven security identifiers! Show Notes Committee vs Community dwflist repo dwf-request tooling repo dwf-workflow p...

8 March 2021, 32 min

Episode 260 - Dave Jevans tells us what CipherTrace is up to

Josh and Kurt talk with Dave Jevans, CEO of CipherTrace and chairman of the Anti-Phishing Working Group, about the challenges of keeping track of cryptocurrency in the modern age. Show Notes Dave's Twi...

1 March 2021, 29 min

Episode 259 - What even is open source anymore?

Josh and Kurt talk about the question "what is open source?" Why do we think it's broken today, and what sort of ideas about what should come next. Show Notes OSI Bruce Perens Post Open Source Josh's...

22 February 2021, 33 min

Episode 258 - Stop using C

Josh and Kurt talk about the Google Project Zero report titled "A Year in Review of 0-days Exploited In-The-Wild in 2020". It's a cool report but we don't agree on the conclusion. The answer isn't to ...

15 February 2021, 30 min

Episode 257 - The sudo and libgcrypt vulnerabilities

Josh and Kurt talk about the recent sudo and libgcrypt security vulnerabilities. What's the deal with these buffer overflows and TOCTOU bugs? Show Notes Sudo buffer overflow Sudo SELinux bug libgcrypt...

8 February 2021, 31 min

Episode 256 - 9 bits of podcast, 8 bits of computing

Josh and Kurt talk about 8 bit computing. What sort of security lessons can we learn from the 8 bit world? More than you think. Show Notes Legend of Zelda Random Number Generation Green rocket flame ...

1 February 2021, 31 min