The late, great, John Lewis is well known for a quote about getting into trouble. Never, ever be afraid to make some noise and get in good trouble, necessary trouble. It’s time to start some good trouble. Anyone who knows me, reads this blog, or follows me on Twitter, is well aware I have beenContinue reading “It’s time to fix CVE”
Search results for: cve
Episode 261 – DWF is back! Welcome to community powered CVE
Josh and Kurt talk about DWF. It’s back and the intention is to have real community driven security identifiers! Show Notes Committee vs Community dwflist repo dwf-request tooling repo dwf-workflow policy repo CVE plateua graph iwantacve.org
Episode 178 – Are CVEs important and will ransomware put you out of business?
Josh and Kurt talk about a discussion on Twitter about if discovering CVE IDs is important for a resume? We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly but it probably won’t create any substantial change in the industry. Show Notes Games Done QuickContinue reading “Episode 178 – Are CVEs important and will ransomware put you out of business?”
Episode 83 – XKCD + CVE = XKCVE
Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Episode 51 – All about CVE
Josh and Kurt talk to Dan Adinolfi about CVE. Most anything you ever wanted to know about CVE is discussed. Show Notes CVE The MITRE Corporation Mikko Hypponen CVE Form CVE CNA Rules Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Inverse Law of CVEs
I’ve started a project to put the CVE data into Elasticsearch and see if there is anything clever we can learn about it. Ever if there isn’t anything overly clever, it’s fun to do. And I get to make pretty graphs, which everyone likes to look at. I stuck a few of my early resultsContinue reading “Inverse Law of CVEs”
Episode 21 – CVE 10K Extravaganza
Josh and Kurt talk about CVE 10K. CVE IDs have finally crossed the line, we need 5 digits to display them. This has never happened before now. Show Notes OpenSSH CVE10K assignments CVE-2016-10005 CVE syntax change CVE Numbering Authorities OpenSSH Security Advisory C to HDL Reboot Boeing Dreamliner One person writes most Linux video camera drivers DonaldContinue reading “Episode 21 – CVE 10K Extravaganza”
Episode 13 – CVE: The metric system of security
Josh and Kurt talk about CVE, DWF, and the future of flaw reporting. Show Notes CVE CVE Candidates (CAN) DWF NVD Open Source Security Mailing List Larry Cashdollar’s Defcon talk Metric Inch Comment on Twitter
The future of DWF
TL;DR – The future of community identifier is going to be the Cloud Security Alliance. See this blog post for more details. A few months ago the Distributed Weakness Filing project (DWF), announced it was coming back to work with some new ideas around how we work with vulnerability identifiers. The initial blog post definesContinue reading “The future of DWF”
Episode 257 – The sudo and libgcrypt vulnerabilities
Josh and Kurt talk about the recent sudo and libgcrypt security vulnerabilities. What’s the deal with these buffer overflows and TOCTU bugs? Show Notes Sudo buffer overflow Sudo SELinux bug libgcrypt buffer overflow
