Cisa

Josh and Kurt talk about a survey about a TuxCare patch management and vulnerability detection. Sometimes our security bubble makes us forget what it’s like in the real world for the people who keep our infrastructure running. Patching isn’t always immediate, automation doesn’t fix everything, and accepting risk is very important. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_320_Security_Twitter_is_not_the_real_world.mp3 Show Notes State of Enterprise Vulnerability Detection and Patch Management CISA Known Exploited Vulnerabilities Catalog Google 0days

Josh and Kurt talk about Josh’s electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have any concrete proposals or suggestions to fund any of these activities. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_295_Open_source_security_isnt_free.mp3 Show Notes UAParser.js CISA announcement