Why has software supply chain security exploded?

I take a bike ride every morning; it’s a nice way to think about the topics of the day. I’ve been wondering lately why software supply chain security has exploded in popularity in the last year or so. Nothing happens by accident, so there must be some series of events we can point at that has…

Episode 338 – The government didn’t make vulnerabilities illegal. Yet.

Josh and Kurt talk about the recent National Defense Authorization Act that requires security vulnerabilities to be fixed. What does this mean for us? Is it as bad as some people are claiming? It’s actually not a huge deal; for most of us it’s really just time to deal with product security.

Episode 337 – Security patches are getting worse – Dustin Childs from ZDI tells us why

Josh and Kurt talk to Dustin Childs about the recent ZDI Black Hat talk in which they identified the current trend of security patches not actually fixing the security problem. We talk about what this problem means, why it is happening, and what ZDI is doing to try to nudge the industry in the right direction.

Episode 336 – We don’t have data, we have security biases

Josh and Kurt talk about our lack of security data and some of the data bias problems that can emerge. A lot of what we think is security data is really just biased data. This is OK as long as we understand the data is broken and know this is the first step in a longer…

Episode 335 – Bull*&$% security ideas

Josh and Kurt talk about a tweet from @kmcquade3 asking the question “What’s a concept in security that is generally accepted as true but is actually bull%$#*?” How many of the replies make sense? Most of them do. We go over some of the best replies as fast as we can.