Episode 315 – Who even makes all these terrible decisions?

Josh and Kurt talk about Microsoft accidentally letting us find out about ads in file explorer. Changing your clocks sucks. And touch on some of the security implications of the Russian invasion and sanctions. There are a lot of security lessons we can all learn. Mostly what not to do.

Show Notes

Episode 314 – The Linux Dirty Pipe vulnerability

Josh and Kurt talk about the Linux Kernel Dirty Pipe security vulnerability. This bug is an amazing combination of amazing complexity, incredible simplicity, and a little bit of luck. The discovery is amazing, the analysis is enlightening. There’s almost no way a bug like this could be found outside of open source.

Show Notes

Episode 313 – Insecurity at scale

Josh and Kurt talk about the challenges of security at scale. Specifically we focus on why a lot of security starts to fall apart once you have to do something more than a few times. There’s a lot of new thinking we need to push security forward.

Show Notes

Episode 312 – The Legend of the SBOM

Josh and Kurt talk about SBOMs. Not what they are, there’s plenty about that. We talk about why everyone keeps claiming they’re super important, and why we’re starting to see some people question if we really need them. SBOMs are part of a future that’s still being invented.

Show Notes

Episode 311 – Did you scan the QR code?

Josh and Kurt talk about the Coinbase Super Bowl ad. It was a QR code, lots of security people were aghast at how many people scanned the QR code. The reality is scanning QR codes isn’t dangerous. What other security advice just won’t go away?

Show Notes

Episode 310 – Hayley Tsukayama from the EFF talks about privacy

Josh and Kurt talk to Hayley Tsukayama from the EFF about privacy. We all know privacy in the modern age is very complicated and difficult. Normal people don’t have many allies when it comes to privacy. The EFF has been blazing the trail for digital rights for more than 30 years! This episode has a ton of amazing details, it’s easy to see how the EFF became the jewel of the Internet.

Show Notes

Episode 309 – The bright future of open source secuirty

Josh and Kurt talk about NPM requiring 2FA for the top 100 packages. We discuss the new Alpha and Omega projects from the OpenSSF and what it could mean for the future of open source security. Then we end on a note about the new Samba critical vulnerability.

Show Notes

Episode 308 – Welcome to the jungle – How to talk about open source security

Josh and Kurt talk about how to get attention for security problems. Recent research around Twitter credentials checked into GitHub showed us how to get a lot of attention when compared to a problem like Log4Shell which took years before anyone really picked up on the problem. It’s hard to talk about security sometimes.

Show Notes

Episode 307 – Got vulnerabilities? Introducing GSD

Josh and Kurt talk about the Global Security Database (GSD) project. This is a Cloud Security Alliance (CSA) effort to build community around vulnerability identifiers.

Show Notes

Episode 306 – Open source isn’t broken, it’s an experience

Josh and Kurt talk about the faker and colors NPM events. There is a lot of discussion around open source being broken or somehow failing because of these events. The real answer is open source is an experience. How we interact with our dependencies determines what the experience looks like.

Show Notes