If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article. In this post we’re going to talk about a newer type of scanner called a composition scanner. The idea here is when you build an application today it’s never just what youContinue reading “Part 3: Composition scanning”
Category Archives: Security
Part 2: Scanning the code
If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article. The first type of scanner we’re going to cover are source code scanners. It seems fitting to start at the bottom with the code that drives everything. Every software project has sourceContinue reading “Part 2: Scanning the code”
Part 1: Is your security scanner running? You better go catch it!
This post is the first part in a series on automated security scanners. I explain some of the ideas and goals in the intro post, rather than rehashing that post as filler, just go read it, rehashing content isn’t exciting. There are different kinds of security scanners, but the problem with all of them isContinue reading “Part 1: Is your security scanner running? You better go catch it!”
The Security Scanner Problem
Are you running a security scanner? It seems like everyone is doing it, maybe it’s time to get with it. It’s looking like automated security scanning is the next stage in the long winding history of the security industry. If you’ve never run one of these scanners that’s OK. I’m going to explain what theyContinue reading “The Security Scanner Problem”
Episode 186 – Endpoint security with Tony Meehan
Josh and Kurt talk to Tony Meehan from Elastic (formerly Endgame) about endpoint detection, response, protection, and even SIEM. Tony has a great history coming from the NSA and has a number of great stories to help understand the topics. Show Notes Tony Meehan Rob Joyce on Disrupting Nation State Hackers Bobby Filar living off the landContinue reading “Episode 186 – Endpoint security with Tony Meehan”
Episode 185 – Is it even possible to fix open source security?
Josh and Kurt talk about the Linux Foundation Census 2. There is a lot of talk around how to fix open source security, but the reality is we can’t fix it. We need to stop trying to fix what isn’t broken and engineering around the system we have, not the system we want. Show Notes Linux FoundationContinue reading “Episode 185 – Is it even possible to fix open source security?”
Episode 184 – It’s DNS. It’s always DNS
Josh and Kurt talk about the sale of the corp.com domain. Is it going to be the end of the world, or a non event? We disagree on what should happen with it. Josh hopes an evildoer buys it, Kurt hopes for Microsoft. We also briefly discuss the CIA owning Crypto AG. Show Notes corp.com is forContinue reading “Episode 184 – It’s DNS. It’s always DNS”
Episode 183 – The great working from home experiment
Josh and Kurt talk about a huge working from home experiment because of the the Coronavirus. We also discuss some of the advice going on around the outbreak, as well as how humans are incredibly good at ignoring good advice, often to their own peril. Also an airplane wheel falls off. Show Notes Work from home HackerContinue reading “Episode 183 – The great working from home experiment”
Episode 182 – Does open source owe us anything?
Josh and Kurt talk about open source maintainers and building communities. While an open source maintainer doesn’t owe anyone anything, there are some difficult conversations around holding back a community rather than letting it flourish. Show Notes Actix-web story Lodash Possible Lodash security issue Javascript libraries are almost never updated Ularn Comment on Twitter with the #osspodcastContinue reading “Episode 182 – Does open source owe us anything?”
Episode 181 – The security of SIM swapping
Josh and Kurt talk about SIM swapping. What is it, how does it work. Why should you care? There’s not a ton you can do to protect yourself, but we go over some of the basic concepts and what to watch out for. It’s unfortunate this is still a problem. Show Notes Five Major US Wireless CarriersContinue reading “Episode 181 – The security of SIM swapping”
