Josh and Kurt talk about the Amazon Route 53 incident and what it really means for the modern infrastructure. Complaining nobody is using DNSSEC or securing BGP aren’t the right conversations to be having. Reality must be considered in any honest conversation about these topics. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_94_dns_bgp_and_reality.mp3 Show Notes Route 53 attack Cloudflare’s 1.1.1.1 Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about security flaws in beep and patch. How on earth were there security flaws in beep and patch? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_93-Security_flaws_in_beep_and_patch_how_did_we_get_here.mp3 Show Notes beep security flaw patch security flaw Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to Rami Saas, the CEO of WhiteSource about 3rd party open source security as well as open source licensing. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-92_chat_with_rami_saas.mp3 Show Notes WhiteSource Rami Saas Open Source Licenses Mercedes C-Class 205 Open Source Licenses Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk to a 7 year old about security. We cover Minecraft security, passwords, hacking, and many many other nuggets of wisdom. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-91_security_lessons_from_a_7_year_old.mp3 Show Notes Minecraft John Doe Roblox Roblox Join our Facebook Group Comment on Twitter with the #osspodcast hashtag Keywords: passwords, minecraft

I was watching a few Twitter conversations about purchasing security last week and had yet another conversation about security ROI. This has me thinking about what we spend money on. In many industries we can spend our way out of problems, not all problems, but a lot of problems. With security if I gave you a blank check and said “fix it”, you couldn’t. Our problem isn’t money, it’s more fundamental than that. ...

Josh and Kurt talk about all the current misinformation, how humans react to it, and what it means for security. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-90_humans_and_misinformation.mp3 Show Notes Virus infections during lent Wikipedia circular reporting Guccifer Bad Twitter VPN advice Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about the recent AMD flaws and the events surrounding the disclosure. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode-89_short_selling_amd_security_flaws.mp3 Show Notes AMD flaws Activist investing Microsoft side channel bounty Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about container security with IBM’s Chris Rosen. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_88_chat_with_chris_rosen_from_ibm_about_container_security.mp3 Show Notes Chris Rosen Kubernetes Istio Grafeas Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

Josh and Kurt talk about Let’s Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_87_Chat_with_lets_encrypt_co-founder_josh_aas.mp3 Show Notes Let’s Encrypt Josh Aas Join our Facebook Group Comment on Twitter with the #osspodcast hashtag

This week I’ve been thinking about how security people and non security people interact. Various conversations I have often end up with someone suggesting everyone needs some sort of security responsibility. My suspicion is this will never work. First some background to think about. In any organization there are certain responsibilities everyone has. Without using security as our specific example just yet, let’s consider how a typical building functions. You have people who are tasked with keeping the electricity working, the plumbing, the heating and cooling. Some people keep the building clean, some take care of the elevators. Some work in the building to accomplish some other task. If the company that inhabits the building is a bank you can imagine the huge number of tasks that take place inside. ...