Episode 330 – The sliding scale of risk: seeing the forest for the trees

Josh and Kurt talk about the challenge of dealing with vulnerabilities at a large scale. We tend to treat every vulnerability equally when they are not equal at all. Some are trees we have to pay very close attention to, and some are part of a larger forest that can’t be treated as individual vulnerabilities.Continue reading “Episode 330 – The sliding scale of risk: seeing the forest for the trees”

Episode 308 – Welcome to the jungle – How to talk about open source security

Josh and Kurt talk about how to get attention for security problems. Recent research around Twitter credentials checked into GitHub showed us how to get a lot of attention when compared to a problem like Log4Shell which took years before anyone really picked up on the problem. It’s hard to talk about security sometimes. Show Notes Josh’s computerContinue reading “Episode 308 – Welcome to the jungle – How to talk about open source security”

Episode 302 – Log4j is a mess

Josh and Kurt talk about the same topic everyone is talking about, Log4j. This episode was recorded on the Wednesday after the first Log4j issue. We point out all the gaps and difficulties for the defenders. The situation has gotten worse since then. Good luck to everyone dealign with this thing Show Notes Log4j GSD entry Minecraft serverContinue reading “Episode 302 – Log4j is a mess”