Open Source Security

Josh and Kurt talk about containers. There are a lot of opinions around what type of containers is best. Back when it all started there were only huge distro sized containers. Now we have a world with...

6 Juni 202237min

Josh and Kurt talk about a recent OpenSSF issue that asks the question how many open source maintainers should a project have that's "healthy"? Josh did some research that shows the overwhelming major...

30 Maj 202235min

Josh and Kurt talk about the whole work from home debate. It seems like there are a lot of very silly excuses why working from home is bad. We've both been working from home for a long time and have a...

23 Maj 202235min

Josh and Kurt talk about a fake 7-Zip security report. It's pretty clear that everyone is running open source all the time. We end on some thoughts around what SBOM is good for, and who should be resp...

16 Maj 202238min

Josh and Kurt talk to Adam Shostack about his new book "Threats: What Every Engineer Should Learn From Star Wars". We discuss some of the lessons and threats in the Star Wars universe, it's an old cod...

9 Maj 202233min

Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding...

2 Maj 202234min

Josh and Kurt talk about a survey about a TuxCare patch management and vulnerability detection. Sometimes our security bubble makes us forget what it's like in the real world for the people who keep o...

25 Apr 202232min

Josh and Kurt talk about a lot of security vulnerabilities in this month's Patch Tuesday. There's also a new Git vulnerability. This sparks the age old question of how fast to patch? The answer isn't ...

18 Apr 202230min