Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)

Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, WordPress, and early morning sessions. Show Notes Bradley Kuh Typosquatting package managers (mirror) zlib embedded library problem WordPress CVE ID Josh’s 7am BoF session Bruce Schneier RSA talk JoinContinue reading “Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)”

Episode 32 – Gambling as a Service

Josh and Kurt discuss random numbers, a lot. Also slot machines, gambling, and dice. Show Notes Dilbert Random Numbers Slot Machine Cheats dieharder Cracking the Scratch Lottery Intel Atom 2000 Lavarand diceomatic Google security neuroscience Militant moderates Show tags: #random #prng Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Everything you know about security is wrong, stop protecting your empire!

Last week I kept running into old school people trying to justify why something that made sense in the past still makes sense today. Usually I ignore these sort of statements, but I feel like I’m seeing them often enough it’s time to write something up. We’re in the middle of disruptive change. That meansContinue reading “Everything you know about security is wrong, stop protecting your empire!”

Episode 30 – I’m not an expert but I’ve been yelled at by experts

Josh and Kurt discuss security automation. Machine learning, AI, and a bunch of moral and philosophical boundaries that new future will bring. You’ve been warned. Show Notes XKCD Is It Worth the Time? Larry Wall Google Translate AI invents its own language to translate with Black Mirror Social Media Episode St. Louis Public Library Ransomware Join ourContinue reading “Episode 30 – I’m not an expert but I’ve been yelled at by experts”

Return on Risk Investment

I found myself in a discussion earlier this week that worked its way into return on investment topics. Of course nobody could really agree on what the return was which is sort of how these conversations often work out. It’s really hard to decide what the return on investment is for security features and products.Continue reading “Return on Risk Investment”

Episode 28 – RSA Conference 2017

Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics. Show Notes Kurt’s talk – Saving CVE wtih open source Josh’s P2P session – Managing Your Open Source Join our Facebook Group Comment on Twitter with theContinue reading “Episode 28 – RSA Conference 2017”

What does security and USB-C have in common?

I’ve decided to create yet another security analogy! You can’t tell, but I’m very excited to do this. One of my long standing complaints about security is there are basically no good analogies that make sense. We always try to talk about auto safety, or food safety, or maybe building security, how about pollution. There’sContinue reading “What does security and USB-C have in common?”