Podcast

Josh and Kurt talk about non-Microsoft Windows micropatches. The days of pretending closed source matters are long gone. Google gets hit with a privacy fine, that probably won’t matter. And Mastercard makes it easier for consumers to not accidentally sign up for services they don’t want. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_131_Windows_micropatches_Googles_privacy_fine_and_Mastercard_fixes_trial_abuse.mp3 Show Notes 3 Windows micropatches Google fined $57 million Mastercard free trial abuse Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to Danny Grander one of the co-founders of Snyk about Zip Slip, what it is, how to fix it, and how they disclosed everything. We also touch on plenty of other open source security topics as Danny is involved in many aspects of open source security. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_130_Chat_with_Snyk_cofounder_Danny__Grander.mp3 Show Notes Danny’s Twitter Danny’s LinkedIn Snyk Zip Slip Snyk state of open source security Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it’s solving the wrong problem, but it’s the only way the EU has to spend money on open source today. If that doesn’t change this program will fail. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_129_The_EU_bug_bounty_program.mp3 Show Notes Josh’s blog post Julia Reda EU bug bounty site Tidelift What motivates us Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about Australia’s recently passed encryption bill. What is the law that was passed, what does it mean, and what are the possible outcomes? The show notes contain a flow chart of possible outcomes. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-128_Australias_encryption_backdoor_bill.mp3 Show Notes Josh’s flow chart Australia Access and Assistance Encryption Bill 2018 Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about which articles of the GDPR apply to Santa, and if he’s following the rules the way he should be (spoiler, he’s probably not). Should Santa be on his own naughty list? We also create a new holiday character - George the DPO Elf! https://traffic.libsyn.com/secure/opensourcesecuritypodcast/2018_Christmas_Special_Is_Santa_GDPR_compliant.mp3 Show Notes David Sedaris Santaland Canadian Tire Ice Truck Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here, everything from Windows, Android, iOS, even Linux distributions. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_127_Walled_gardens_appstores_and_more.mp3 Show Notes Mozilla blocks a paywall bypass extension Turning a root ball Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt continue the discussion from episode 125. We look at the possible future of software supply chains. It’s far less dire than previously expected. It’s likely there will be some change in the near future. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_126_The_not_so_dire_future_of_supply_chain_security.mp3 Show Notes Episode 125 Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about how open source deals with malicious events. It’s probably impossible to stop these from happening, but the open source universe deals with it in its own unique way. We start to discuss what you can do, since everyone is using open source everywhere now. There will be a second part to this episode where we discuss what the future holds for these sort of problems. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_125_Open_Source_supply_chains_npm_and_you.mp3 Show Notes NPM event-stream backdoor Josh’s blog post Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about Cloudflare’s new Workers service. We spend a lot of time discussing how economics drives technology, not security. It’s quite likely this new service is less secure than existing alternatives, but it will be cheaper and faster which will matter more than security. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_124_Cloudflares_service_workers_and_the_economics_of_security.mp3 Show Notes Cloudflare Workers AV vs Whitelisting tweets Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what’s new and exciting today, and where do we think things are going. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_123_Talking_about_Kubernetes_and_container_security_with_Liz_Rice.mp3 Show Notes Liz Rice Operating Kubernetes Clusters and Applications Safely book Aqua Security Clair container scanner Comment on Twitter with the #osspodcast hashtag