Open Source Security

Josh and Kurt talk about the recent events around XZ. It's only been a few days, and it's amazing what we already know. We explain a lot of the basics we currently know with the attitude much of these...

1 Apr 20241h 1min

Josh and Kurt talk about the security.txt file. It's not new, but it's not something we've discussed before. It's a great idea, an easy format, and well defined. It's not high on many of our todo list...

1 Apr 202430min

Josh and Kurt talk about the new SSDF attestation form from CISA. The current form isn't very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It...

25 Mar 202441min

Josh and Kurt talk about what's going on at the National Vulnerability Database. NVD suddenly stopped enriching vulnerabilities, and it's sent shock-waves through the vulnerability management space. W...

18 Mar 202439min

Josh and Kurt talk about an attack against GitHub where attackers are creating malicious repositories then artificially inflating the number of stars and forks. This is really a discussion about how c...

11 Mar 202434min

Josh and Kurt talk about recent stories about data breaches, flipper zero banning, and realistic security. We have a lot of weird challenges in the world of security, but hard problems aren't impossib...

4 Mar 202430min

Josh and Kurt talk to GregKH about Linux Kernel security. We most focus on the topic of vulnerabilities in the Linux Kernel, and what being a CNA will mean for the future of Linux Kernel security vuln...

26 Feb 202442min

Josh and Kurt talk to Thomas Depierre about some of the European efforts to secure software. We touch on the CRA, MDA, FOSDEM, and more. As expected Thomas drops a huge amount of knowledge on what's h...

19 Feb 202442min