Episode 343 – Stop trying to fix the open source software supply chain

Josh and Kurt talk about a blog post that explains there isn’t really an open source software supply chain. The whole idea of open source being one thing is incorrect, open source is really a lot of little things put together. A lot of companies and organizations get this wrong. Show Notes

Episode 338 – The government didn’t make vulnerabilities illegal. Yet.

Josh and Kurt talk about the recent National Defense Authorization Act that requires security vulnerabilities to be fixed. What does this mean for us, is it as bad as some people are claiming it is? It’s actually not a huge deal, for most of us it’s really just time to deal with product security. ShowContinue reading “Episode 338 – The government didn’t make vulnerabilities illegal. Yet.”

Episode 337 – Security patches are getting worse – Dustin Childs from ZDI tells us why

Josh and Kurt talk to Dustin Childs about the recent ZDI Black Hat talk where they discovered the current trend of security patches not actually fixing the security problem. We talk about what this problem means. Why is it happening, and what ZDI is doing to try nudge the industry in the right direction. ShowContinue reading “Episode 337 – Security patches are getting worse – Dustin Childs from ZDI tells us why”

Episode 336 – We don’t have data, we have security biases

Josh and Kurt talk about our lack of security and some of the data bias problems that can emerge. A lot of what we think is security data is really just biased data. This is OK as long as we understand the data is broken and know this is the first step in a longerContinue reading “Episode 336 – We don’t have data, we have security biases”

Episode 335 – Bull*&$% security ideas

Josh and Kurt talk about a tweet from @kmcquade3 asking the question “What’s a concept in security that is generally accepted as true but is actually bull%$#*?” How many of the replies make sense? Most of them do. We go over some of the best replies as fast as we can. Show Notes The tweetContinue reading “Episode 335 – Bull*&$% security ideas”

Episode 334 – Leap seconds break everything

Josh and Kurt talk about leap seconds. Every time there’s a leap second, things break. Facebook wants to get rid of them because they break computers, but Google found a clever way to keep leap seconds without breaking anything. Corner cases are hard, security is often just one huge corner case. There are lessons weContinue reading “Episode 334 – Leap seconds break everything”