Eol

A pile of old books

CVE for EOL with Aaron Frost

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the “vulnerable until proven otherwise” approach is the best path forward for end of life software. Episode Links This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. ...

April 14, 2025 · Josh Bressers
A dead tree in the desert

Patching EOL Open Source with Aaron Frost

When I started Open Source Security HeroDevs reached out and asked if I wanted to have a chat. I was pretty interested in this discussion because the work HeroDevs does today is very similar to the work I did at Red Hat for a decade. While what they work on is a bit different than the sort of things we shipped in a Linux distribution, the basic idea is still the same. ...

February 17, 2025 · Josh Bressers
tangle-wide

Episode 457 - The D-Link D-bacle

Josh and Kurt talk about a serious D-Link security vulnerability in a bunch of end of life products. The crux of the discussion focuses on D-Link, but the reality is almost all consumer gear you plug into the internet is terrible. And there’s little hope it will get better anytime soon. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_457_The_D-Link_D-bacle.mp3 Show Notes China has utterly pwned ’thousands and thousands’ of devices at US telcos D-Link tells users to trash old VPN routers over bug too dangerous to identify D-Link YouTube explainer video

December 2, 2024
wide-dead-end

Episode 444 - Open Source and End of Life

Josh and Kurt talk about Chrome unexpectedly going EOL on Ubuntu 18. Keeping old things alive is really hard to do, and in open source it’s becoming more common to just run the latest version rather than trying to keep old versions alive for long periods of time. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_444_Open_Source_and_End_of_Life.mp3 Show Notes Chrome dumped support for Ubuntu 18.04 – but it’ll be back Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is ’the only thing that matters’ Pidgin backdoor

September 2, 2024