Open Source Security
Teknologia

Open Source Security

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hours. Let's focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what's up, they have a lot to teach us. We just have to listen.

Jaksot(526)

Episode 422 - Do you have a security.txt file?

Episode 422 - Do you have a security.txt file?

Josh and Kurt talk about the security.txt file. It's not new, but it's not something we've discussed before. It's a great idea, an easy format, and well defined. It's not high on many of our todo list...

1 Huhti 202430min

Episode 421 - CISA's new SSDF attestation form

Episode 421 - CISA's new SSDF attestation form

Josh and Kurt talk about the new SSDF attestation form from CISA. The current form isn't very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It...

25 Maalis 202441min

Episode 420 - What's going on at NVD

Episode 420 - What's going on at NVD

Josh and Kurt talk about what's going on at the National Vulnerability Database. NVD suddenly stopped enriching vulnerabilities, and it's sent shock-waves through the vulnerability management space. W...

18 Maalis 202439min

Episode 419 - Malicious GitHub repositories

Episode 419 - Malicious GitHub repositories

Josh and Kurt talk about an attack against GitHub where attackers are creating malicious repositories then artificially inflating the number of stars and forks. This is really a discussion about how c...

11 Maalis 202434min

Episode 418 - Being right all the time is hard

Episode 418 - Being right all the time is hard

Josh and Kurt talk about recent stories about data breaches, flipper zero banning, and realistic security. We have a lot of weird challenges in the world of security, but hard problems aren't impossib...

4 Maalis 202430min

Episode 417 - Linux Kernel security with Greg K-H

Episode 417 - Linux Kernel security with Greg K-H

Josh and Kurt talk to GregKH about Linux Kernel security. We most focus on the topic of vulnerabilities in the Linux Kernel, and what being a CNA will mean for the future of Linux Kernel security vuln...

26 Helmi 202442min

Episode 416 - Thomas Depierre on open source in Europe

Episode 416 - Thomas Depierre on open source in Europe

Josh and Kurt talk to Thomas Depierre about some of the European efforts to secure software. We touch on the CRA, MDA, FOSDEM, and more. As expected Thomas drops a huge amount of knowledge on what's h...

19 Helmi 202442min

Episode 415 - Reducing attack surface for less security

Episode 415 - Reducing attack surface for less security

Josh and Kurt talk about a blog post explaining how to create a very very small container image. Generally in the world of security less is more, but it's possible to remove too much. A lot of today's...

12 Helmi 202431min