
Episode 461 - The new NIST password guidance
Josh and Kurt talk about new NIST password guidance. There's some really good stuff in this new document. Ideas like usability and equity show up (which is amazing). There's more strict guidance again...
30 Dec 2024 · 36 min

Episode 460 - Santa's Supply Chain Security
Josh and Kurt talk about the supply chain of Santa. Does he purchase all those things? Are they counterfeit goods? Are they acquired some other way? And once he has all the stuff, the logistics of get...
23 Dec 2024 · 43 min

Episode 459 - CWE Top 25 List
Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it's because of WordPress). We also discuss why Josh hates lists like...
16 Dec 2024 · 36 min

Episode 458 - FBI endorses E2E encryption
Josh and Kurt talk about the FBI telling everyone to use end-to-end encrypted messengers. This is a pretty drastic deviation from messages in the past. The reason for this is it appears the US telepho...
9 Dec 2024 · 33 min

Episode 457 - The D-Link D-bacle
Josh and Kurt talk about a serious D-Link security vulnerability in a bunch of end-of-life products. The crux of the discussion focuses on D-Link, but the reality is almost all consumer gear you plug ...
2 Dec 2024 · 41 min

Episode 456 - What if XZ happened to a company? The openness of open source
Josh and Kurt embark on a thought experiment to discuss how a commercial entity would handle something like the xz incident. It was very specific and difficult to understand. It's easy to claim just b...
25 Nov 2024 · 33 min

Episode 455 - WordPress plugin security
Josh and Kurt talk about the way WordPress vets their plugins. While WordPress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs agai...
18 Nov 2024 · 35 min

Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The ...
11 Nov 2024 · 43 min
