Episode 162 – SBOM with Allan Friedman

Josh and Kurt speak with Allan Friedman of the US National Telecommunications and Information Administration about Software Bill of Materials. Where are we today, where are things going, and how you can help. Show Notes Allan Friedman NTIA NTIA Software Component Transparency Comment on Twitter with the #osspodcast hashtag

Episode 161 – Human nature and ad powered open source

Josh and Kurt start out discussing human nature and how it affects how we view security. A lot of things that look easy are actually really hard. We also talk about the npm library Standard showing command line ads. Are ads part of the future of open source? Show Notes thegrugq secure android DoD JEDI programContinue reading “Episode 161 – Human nature and ad powered open source”

Episode 160 – Disclosing security issues is insanely complicated: Part 2

Josh and Kurt talk about disclosing security flaws in open source. This is part two of a discussion around how to disclose security issues. This episode focuses on some expectations and behaviors for open source projects as well as researchers trying to disclose a problem to a project. Show Notes webmin backdoor Github security advisories Comment onContinue reading “Episode 160 – Disclosing security issues is insanely complicated: Part 2”

Episode 159 – Disclosing security issues is insanely complicated: Part 1

Josh and Kurt talk about disclosing security flaws. It’s a topic that’s come up a few times in the last few weeks and it’s more complicated than it’s ever been. We certainly ask more questions than we answer in this episode, there will be a part 2 that focuses on open source disclosure. Show Notes LockContinue reading “Episode 159 – Disclosing security issues is insanely complicated: Part 1”