Episode 364 – Using SBOMs is hard
Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell us different things depending on what we need to know. We also cover some of the
Tag Archives: cisa
Episode 321 – Relativistic Security: Project Zero on 0day
Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you’re staying
Episode 320 – Security Twitter is not the real world
Josh and Kurt talk about a TuxCare survey on patch management and vulnerability detection. Sometimes our security bubble makes us forget what it’s like in the real world for the people who keep our infrastructure running. Patching isn’t always immediate, automation doesn’t fix everything, and accepting risk is very important.
Show Notes: State of Enterprise Vulnerability Detection
Episode 295 – Open source security isn’t free
Josh and Kurt talk about Josh’s electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have any concrete proposals or suggestions to fund any of these activities.
Show Notes: UAParser.js CISA announcement