Episode 180 – A Tale of Two Vulnerabilities

Josh and Kurt talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard toContinue reading “Episode 180 – A Tale of Two Vulnerabilities”

Episode 179 – Google Project Zero and the 90 day clock

Josh and Kurt talk about the updated Google Project Zero disclosure policy. What’s the new policy, what does it mean, and will it really matter? We suspect it will improve some things, but won’t drastically change much. Show Notes Google and 90 day patch disclosure Upgrading all Windows versions Comment on Twitter with the #osspodcast hashtag

Episode 178 – Are CVEs important and will ransomware put you out of business?

Josh and Kurt talk about a discussion on Twitter about if discovering CVE IDs is important for a resume? We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly but it probably won’t create any substantial change in the industry. Show Notes Games Done QuickContinue reading “Episode 178 – Are CVEs important and will ransomware put you out of business?”

Episode 177 – Fake or real? The security of counterfeit goods

Josh and Kurt talk about marketplace safety and security. Will we ever see an end to the constant flow of counterfeit goods? The security industry has the same problem the marketplace industry has, without substantial injury we don’t see movement towards meaningful change. Show Notes BrickLink Cars in Canada lighting on fire President Roosevelt used Al Capone’sContinue reading “Episode 177 – Fake or real? The security of counterfeit goods”