Josh and Kurt talk about the security.txt file. It’s not new, but it’s not something we’ve discussed before. It’s a great idea, an easy format, and well defined. It’s not high on many of our todo lists, but it’s something worth doing. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_422_Do_you_have_a_securitytxt_file.mp3 Show Notes RFC 9116
Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some ways we can look at Slack and decide if they do indeed take our security very seriously. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_213_Security_Signals_What_are_you_telling_the_world.mp3 Show Notes Reddit carbon monoxide Part 1 Part 2 GCP Grey minus infinity Josh’s blog post