
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift

Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be that open source is huge, everywhere, and needs help. But all is not lost! There are some great ideas on what the future needs to look like.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_454_The_state_of_open_source_with_Brian_Fox_from_Sonatype_and_Donald_Fischer_from_Tidelift.mp3

Show Notes
Donald Fischer
Brian Fox
Tidelift
Sonatype
The 2024 Tidelift state of the open source maintainer report
Sonatype State of the Software Supply Chain
Anchore 2024 Software Supply Chain Security Report
OpenSSF TAC issue 101

November 11, 2024

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They’re quasi-related in the sense that two open source projects handled bugs very differently. The OpenSSH bug isn’t really as serious as it seems, but you still want to patch. The node-ip bug is a very different story. The relationship between users and open source developers is experiencing more strain now than we’ve ever seen. It’s a weird conversation and we don’t have good answers. Security in general is a collection of unsolvable problems. ...

July 8, 2024

Episode 433 - Should OpenSSH block misbehaving clients?

Josh and Kurt talk about a new proposal from OpenSSH to add a timeout to penalize misbehaving clients. But this then brings up the typical security conversation of “if it’s not perfect we shouldn’t do it”. Trying new things is a good thing; even if something fails, we learn a lesson that we can use in the future.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_433_Should_OpenSSH_block_misbehaving_clients.mp3

Show Notes
OpenSSH introduces options to penalize undesirable behavior
Hacker News comments

June 17, 2024

Episode 268 - Can we trust any 3rd parties?

Josh and Kurt talk about what 3rd party means in the current world, from 5G suppliers to the Codecov and Solarwinds breaches. Is there anyone we can trust?

https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_268_Can_we_trust_any_3rd_parties.mp3

Show Notes
Europe and 5G
Codecov
Codecov Reuters story
Red Hat OpenSSH advisory

April 26, 2021