The late, great, John Lewis is well known for a quote about getting into trouble. “Never, ever be afraid to make some noise and get in good trouble, necessary trouble.” It’s time to start some good trouble. Anyone who knows me, reads this blog, or follows me on Twitter, is well aware I have been
Continue reading “It’s time to fix CVE”
Search results for: cve
Episode 261 – DWF is back! Welcome to community powered CVE
Josh and Kurt talk about DWF. It’s back and the intention is to have real community-driven security identifiers! Show Notes Committee vs Community dwflist repo dwf-request tooling repo dwf-workflow policy repo CVE plateau graph iwantacve.org
Episode 178 – Are CVEs important and will ransomware put you out of business?
Josh and Kurt talk about a Twitter discussion on whether discovering CVE IDs is important for a resume. We don’t think it is. We also discuss the idea of ransomware putting a company out of business. Did it really? Possibly, but it probably won’t create any substantial change in the industry. Show Notes Games Done Quick
Episode 83 – XKCD + CVE = XKCVE
Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials. https://xkcd.com/1957/ Show Notes XKCD CVE comic Samsung huge SSD Flight sim stealing credentials Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Episode 51 – All about CVE
Josh and Kurt talk to Dan Adinolfi about CVE. Most anything you ever wanted to know about CVE is discussed. Show Notes CVE The MITRE Corporation Mikko Hypponen CVE Form CVE CNA Rules Join our Facebook Group Comment on Twitter with the #osspodcast hashtag
Inverse Law of CVEs
I’ve started a project to put the CVE data into Elasticsearch and see if there is anything clever we can learn about it. Even if there isn’t anything overly clever, it’s fun to do. And I get to make pretty graphs, which everyone likes to look at. I stuck a few of my early results
Episode 21 – CVE 10K Extravaganza
Josh and Kurt talk about CVE 10K. CVE IDs have finally crossed the line, we need 5 digits to display them. This has never happened before now. Show Notes OpenSSH CVE10K assignments CVE-2016-10005 CVE syntax change CVE Numbering Authorities OpenSSH Security Advisory C to HDL Reboot Boeing Dreamliner One person writes most Linux video camera drivers Donald
Episode 13 – CVE: The metric system of security
Josh and Kurt talk about CVE, DWF, and the future of flaw reporting. Show Notes CVE CVE Candidates (CAN) DWF NVD Open Source Security Mailing List Larry Cashdollar’s Defcon talk Metric Inch Comment on Twitter
Episode 257 – The sudo and libgcrypt vulnerabilities
Josh and Kurt talk about the recent sudo and libgcrypt security vulnerabilities. What’s the deal with these buffer overflows and TOCTOU bugs? Show Notes Sudo buffer overflow Sudo SELinux bug libgcrypt buffer overflow
Episode 219 – Chat with Larry Cashdollar
Josh and Kurt have a chat with Larry Cashdollar. The three of us go way back. Larry has done some amazing things and he tells us all about it! Show Notes Akamai Larry’s website Larry’s First CVE