
Episode 330 - The sliding scale of risk: seeing the forest for the trees

Josh and Kurt talk about the challenge of dealing with vulnerabilities at a large scale. We tend to treat every vulnerability equally when they are not equal at all. Some are trees we have to pay very close attention to, and some are part of a larger forest that can't be treated as individual vulnerabilities. We often treat risk as a binary measurement instead of a sliding scale.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_330_The_sliding_scale_of_risk_seeing_the_forest_for_the_trees.mp3

Show Notes
gsd.id
The Register OpenSSL story
OpenSSL bug

July 4, 2022

Episode 307 - Got vulnerabilities? Introducing GSD

Josh and Kurt talk about the Global Security Database (GSD) project. This is a Cloud Security Alliance (CSA) effort to build community around vulnerability identifiers.

https://traffic.libsyn.com/secure/forcedn/opensourcesecuritypodcast/Episode_307_Got_vulnerabilities_Introducing_GSD.mp3

Show Notes
We rate dogs
Racoons that heal your sadness
Global Security Database
Episode 261 – DWF is back! Welcome to community powered CVE
GSD mailing list
GSD Circle group
GSD Database
GSD Project Plan

January 24, 2022

Episode 302 - Log4j is a mess

Josh and Kurt talk about the same topic everyone is talking about, Log4j. This episode was recorded on the Wednesday after the first Log4j issue. We point out all the gaps and difficulties for the defenders. The situation has gotten worse since then. Good luck to everyone dealing with this thing.

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_302_Log4j_is_a_mess.mp3

Show Notes
Log4j GSD entry
Minecraft server discussion
Log4j GitHub issue 608

December 20, 2021