
Episode 461 - The new NIST password guidance

Josh and Kurt talk about new NIST password guidance. There’s some really good stuff in this new document. Ideas like usability and equity show up (which is amazing). There’s more strict guidance against rotating passwords and complex passwords. This new guidance gives us a lot to look forward to.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_461_The_new_NIST_password_guidance.mp3

Show Notes: Usagi Electric; NIST proposes barring some of the most nonsensical password rules; NIST SP 800-63(B); STRIDE threat model; PASTA threat model

December 30, 2024

Episode 421 - CISA's new SSDF attestation form

Josh and Kurt talk about the new SSDF attestation form from CISA. The current form isn’t very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It’s going to take a long time to see big changes in supply chain security, but we’re confident they will come.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_421_CISA_new_SSDF_attestation_form.mp3

Show Notes: Secure Software Development Attestation Form; The U.S. Military Is Missing Six Nuclear Weapons; NIST 800-218

March 25, 2024

Episode 251 - Communication is hard, security communication is more hard

Josh and Kurt talk about communication. It’s really hard to talk about a lot of what we do. How do we know if a device is secure? How do we know our knowledge is correct?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_251_Communication_is_hard_security_communication_is_more_hard.mp3

Show Notes: 90 percent of U.S. bills carry traces of cocaine; Is the moon a star or planet?; A mole of moles; New homeowner ‘freaked out’ when stranger took control of her security system; Coffee maker ransomware; NIST Phish Scale; The metric system; Operation Paperclip

December 28, 2020