Github

Josh and Kurt talk about how terrible daylight savings is. GitHub yanking some exploit code. And the Linux Foundation new project to sign all the things. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_263_GitHub_pulls_exploits_LinuxFoundation_sign_all_the_things.mp3 Show Notes Researcher Publishes Code to Exploit Microsoft Exchange Vulnerabilities on Github GitHub content restrictions Reproducing the Microsoft Exchange Proxylogon Exploit Chain

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey, the most important things you can do are also the least exciting. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_215_Real_security_is_boring.mp3 Show Notes Targeting developers XKCD Infrastructure comic Hiding security flaws in git Mossad vs Not-Mossad (PDF warning)

Josh and Kurt talk to Rob Schultheis from GitHub about some of the amazing projects GitHub is working on. We discuss GitHub security advisories, getting a CVE from GitHub, and what the new GitHub Security Lab is doing. It’s a great conversation about how GitHub is working to make security better for all of us. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_174_GitHub_turns_security_up_to_11_A_discussion_with_Rob_Schultheis.mp3 Show Notes GitHub Security Advisories GitHub CVE requests GitHub Security Lab GitHub Security Lab Slack GitHub Security Lab Twitter Show Tags #CodeQL #GitHub Comment on Twitter with the #osspodcast hashtag ...