Episode 322 – Adam Shostack on the security of Star Wars

Josh and Kurt talk to Adam Shostack about his new book “Threats: What Every Engineer Should Learn From Star Wars”. We discuss some of the lessons and threats in the Star Wars universe, it’s an old code I hear. We also discuss if Star Wars is a better than Star Trek for teaching security (it probably is). It’sContinue reading “Episode 322 – Adam Shostack on the security of Star Wars”

Episode 319 – Patch Tuesday with a capital T

Josh and Kurt talk about a lot of security vulnerabilities in this month’s Patch Tuesday. There’s also a new Git vulnerability. This sparks the age old question of how fast to patch? The answer isn’t binary, the right answer is whatever works best for you, not what someone tells you is best. Show Notes Patch Tuesday Git securityContinue reading “Episode 319 – Patch Tuesday with a capital T”

Episode 317 – The lack of compromise in security

Josh and Kurt talk about the binary nature of security. Many of our ideas are yes or no, there’s not much in the middle. The conversation ends up derailed due to a Twitter thread about pinning dependencies. This gives you an idea how contentious of a topic pinning is. The final takeaway is not toContinue reading “Episode 317 – The lack of compromise in security”

Episode 314 – The Linux Dirty Pipe vulnerability

Josh and Kurt talk about the Linux Kernel Dirty Pipe security vulnerability. This bug is an amazing combination of amazing complexity, incredible simplicity, and a little bit of luck. The discovery is amazing, the analysis is enlightening. There’s almost no way a bug like this could be found outside of open source. Show Notes DirtyContinue reading “Episode 314 – The Linux Dirty Pipe vulnerability”

Episode 312 – The Legend of the SBOM

Josh and Kurt talk about SBOMs. Not what they are, there’s plenty about that. We talk about why everyone keeps claiming they’re super important, and why we’re starting to see some people question if we really need them. SBOMs are part of a future that’s still being invented. Show Notes Questioning SBOMs Rezilion Log4j diagram David A WheelerContinue reading “Episode 312 – The Legend of the SBOM”

Episode 310 – Hayley Tsukayama from the EFF talks about privacy

Josh and Kurt talk to Hayley Tsukayama from the EFF about privacy. We all know privacy in the modern age is very complicated and difficult. Normal people don’t have many allies when it comes to privacy. The EFF has been blazing the trail for digital rights for more than 30 years! This episode has aContinue reading “Episode 310 – Hayley Tsukayama from the EFF talks about privacy”

Episode 301 – You’re holding it wrong: the importance of unlearning

Josh and Kurt talk about the epic failure that was episode 300. But this ties nicely into the topic of the day which is new ways to do things. The example is a new way to hold a controller when playing Tetris. There are always new tools and new ideas in security. Sometimes we have to abandon theContinue reading “Episode 301 – You’re holding it wrong: the importance of unlearning”

Episode 299 – Experts From A World That No Longer Exists

Josh and Kurt talk about an article about how expertise has a limited lifetime. We are all experts in something, but some of us will find our expert knowledge to be outdated eventually. We discuss what that means in the context of security and tech and disagree about how to best keep your skills up to date. ShowContinue reading “Episode 299 – Experts From A World That No Longer Exists”

Episode 298 – David A Wheeler discusses the OpenSSF

Josh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job explaining how the OpenSSF works and what the 6 working groups are doing. The working group are (in no particular order): Identifying Security Threats,Continue reading “Episode 298 – David A Wheeler discusses the OpenSSF”