
Episode 415 - Reducing attack surface for less security
Josh and Kurt talk about a blog post explaining how to create a very very small container image. Generally in the world of security less is more, but it's possible to remove too much. A lot of today's...
12 Feb 2024, 31 min

Episode 414 - The exploited ecosystem of open source
Josh and Kurt talk about open source projects proving builds, and things nobody wants to pay for in open source. It's easy to have unrealistic expectations for open source projects, but we have the op...
5 Feb 2024, 32 min

Episode 413 - PyTorch and NPM get attacked, but it's OK
Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of trying to operate a large open source project. The NPM problem is one of the difficulty in trying...
29 Jan 2024, 35 min

Episode 412 - Blame the users for bad passwords!
Josh and Kurt talk about the 23andMe compromise and how they are blaming the users. It's obviously the fault of the users, but there's still a lot of things to discuss on this one. Every company h...
22 Jan 2024, 33 min

Episode 411 - The security tools that started it all
Josh and Kurt talk about a grab bag of old technologies that defined the security industry. Technology like SELinux, SSH, Snort, ModSecurity and more all started with humble beginnings, and many of th...
15 Jan 2024, 29 min

Episode 410 - Package identifiers are really hard
Josh and Kurt talk about package identifiers. We break this down in the context of an OpenSSF response to a CISA paper on software identifications. The identifiers that get all the air time are purl, ...
8 Jan 2024, 31 min

Episode 409 - You wouldn't hack a train?
Josh and Kurt talk about how some hackers saved the day with a Polish train. We delve into a discussion about how we don't really own anything anymore if you look around. There's a great talk from the...
1 Jan 2024, 35 min

Episode 408 - Does Kubernetes need long term support?
Josh and Kurt talk about a story asking for a Kubernetes LTS. Should open source projects have LTS versions? What does LTS even mean? Why is maintaining software so hard? It's a lively discussion all ...
25 Dec 2023, 32 min


