There are not millions of unfixed security flaws missing from the CVE data.
Search results for: cve
Episode 93 – Security flaws in beep and patch, how did we get here?
Josh and Kurt talk about security flaws in beep and patch. How on earth were there security flaws in beep and patch?
Show Notes:
- beep security flaw
- patch security flaw
Join our Facebook Group
Comment on Twitter with the #osspodcast hashtag
Episode 56 – Devil’s Advocate and other fuzzy topics
Josh and Kurt talk about forest fires, fuzzing, old time Internet, and Net Neutrality. Listen to Kurt play the Devil’s Advocate and manage to change Josh’s mind about net neutrality.
Show Notes:
- Fuzzing httpd
- Fuzzing Freeradius
- AFL Fuzzer
- TruffleHog
- Archie search engine
- Space shuttle code
- Net Neutrality
Episode 44 – Bug Bounties vs Pen Testing
Josh and Kurt discuss Lego, bug bounties, pen testing, thought leadership, cars, lemons, entropy, and CVE.
Show Notes:
- Josh’s Blog on Bug Bounties
- A Security Market for Lemons
Episode 35 – Crazy Cosmic Accident
Josh and Kurt discuss SHA-1 and cloudbleed. Bug bounties come up, security gets compared to the Higgs boson, and IPv6 comes in at the end.
Show Notes:
- SHA-1 attack
- Google Security Blog about SHA-1
- Zcash hash algorithm analysis
- Webkit SVN Collision
- Google bug about cloudbleed
- Cloudflare Blog
- Known cloudbleed sites
- SHA-1 CVE-2005-4900
- Whitewood Entropy
Episode 33 – Everybody who went to the circus is in the circus (RSA 2017)
Josh and Kurt are at the same place at the same time! We discuss our RSA sessions and how things went. Talk of CVE IDs, open source libraries, WordPress, and early morning sessions.
Show Notes:
- Bradley Kuh
- Typosquatting package managers (mirror)
- zlib embedded library problem
- WordPress CVE ID
- Josh’s 7am BoF session
- Bruce Schneier RSA talk
Episode 28 – RSA Conference 2017
Josh and Kurt discuss their involvement in the upcoming 2017 RSA conference: Open Source, CVEs, and Open Source CVE. Of course IoT and encryption manage to come up as topics.
Show Notes:
- Kurt’s talk – Saving CVE with open source
- Josh’s P2P session – Managing Your Open Source
Looks like you have a bad case of embedded libraries
A long time ago pretty much every application and library carried around its own copy of zlib. zlib is a library that does really fast and really good compression and decompression. If you’re storing or transmitting data, it’s very likely this library is in use. It’s easy to use and is distributed under the permissive zlib License, so nothing stops a project from copying it into its own tree. It’s
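The practical problem with embedded copies is that a fix in upstream zlib does nothing for the copies hiding inside other projects, so the first step in any response is finding them. The following is an added example (not code from the podcast, the blog, or the zlib project) that walks a source tree, locates every unrenamed zlib.h, reads its ZLIB_VERSION define, and flags copies older than a cutoff. The sample tree, the two vendored copies and their versions, and the 1.2.12 default cutoff are all constructed for illustration; pick the cutoff from whatever advisory you are actually responding to.

```python
"""Locate bundled (vendored) copies of zlib in a source tree and report their
versions.  Added example, not code from the podcast or the zlib project."""
import os
import re
import tempfile
from pathlib import Path

# Real zlib.h files carry a line of the form:  #define ZLIB_VERSION "1.2.11"
ZLIB_VERSION_RE = re.compile(r'#\s*define\s+ZLIB_VERSION\s+"([0-9.]+)"')


def parse_version(version):
    """'1.2.11' -> (1, 2, 11) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def find_bundled_zlib(root, minimum="1.2.12"):
    """Walk `root` and return sorted (relative path, version, outdated) tuples
    for every zlib.h whose ZLIB_VERSION is below `minimum`.

    `minimum` is an assumed cutoff for this example; in practice it comes from
    the advisory you are checking against.
    """
    root = Path(root)
    minimum_v = parse_version(minimum)
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != "zlib.h":
                continue
            path = Path(dirpath) / name
            match = ZLIB_VERSION_RE.search(path.read_text(errors="replace"))
            if not match:
                continue  # a zlib.h without the define is not the real header
            version = match.group(1)
            outdated = parse_version(version) < minimum_v
            found.append((path.relative_to(root).as_posix(), version, outdated))
    return sorted(found)


def build_sample_tree():
    """Constructed sample input: two vendored zlib copies at different versions
    plus a decoy file, written into a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="zlibscan-"))
    copies = {
        "app/third_party/zlib/zlib.h": "1.2.8",
        "app/vendor/libpng/contrib/zlib/zlib.h": "1.2.13",
    }
    for rel, ver in copies.items():
        header = root / rel
        header.parent.mkdir(parents=True)
        header.write_text(f'/* stub header for the example */\n'
                          f'#define ZLIB_VERSION "{ver}"\n')
    (root / "app" / "README").write_text("no zlib here\n")  # decoy
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel, ver, outdated in find_bundled_zlib(sample_root):
        print(f"{rel}: zlib {ver} [{'OUTDATED' if outdated else 'ok'}]")
```

This only catches copies that still ship an unrenamed zlib.h with its version define intact; projects that rename the header, strip the define, or fork the code need a symbol-level or fingerprint scan on top of this, and a vendor may have backported a fix without bumping ZLIB_VERSION, so treat the version as a lead, not a verdict.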
Episode 5 – OpenSSL: The library we deserve
Kurt and Josh discuss the recent OpenSSL update(s).
Show Notes:
- OpenSSL Flaw Logo
- Sloppy programming leads to OpenSSL woes
- CVE-2016-6309 (OpenSSL advisory) [Critical severity] 26th September 2016
- Sendmail “Bat” Book
- OpenSSL Man Pages
Episode 2 – Instills the proper amount of fear
Josh and Kurt discuss how open source security works.
Show Notes:
- CII Badges
- CVE
- Node Security Project
- CSO open source story