Wordpress

Episode 459 - CWE Top 25 List

Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it’s because of WordPress). We also discuss why Josh hates lists like this (because they never create any actions). We finish up running through the whole list with a few comments about the findings. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_459_CWE_Top_25_List.mp3 Show Notes 2024 CWE Top 25 Most Dangerous Software Weaknesses Set of 9 Unusual Odd Sided dice - D3, D5, D7, D9, D11, D13, D15, D17 & D19

Episode 455 - Wordpress plugin security

Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There’s a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and more. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_455_Wordpress_plugin_security.mp3 Show Notes Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch Kurt’s Plugin

Episode 450 - What's Wrong With WordPress

Josh and Kurt talk about the current Wordpress / WP Engine mess. In what is certainly a supply chain attack, the Advanced Custom Fields forking. This whole saga is weird and filled with chaos and stupidity. We have no idea how it will end, but we do know that the blog platform you use shouldn’t be this exciting. The bad sort of exciting. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_450_Whats_Wrong_With_Wordpress.mp3 Show Notes WordPress.org’s latest move involves taking control of a WP Engine plugin Wordpress / WP Engine timeline Knorr German Recipes

Episode 391 - The Wordpress 100 year disaster recovery problem

Josh and Kurt talk about wordpress selling web services with a 100 year lifespan. Will WordPress still be around in 100 years? What would 100 years of disaster recovery look like? Most of us will never need to think about 100 years of disaster recovery. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_391_The_Wordpress_100_year_disaster_recovery_problem.mp3 Show Notes WordPress is now selling 100-year domains Danish ransomware 15-Minute City The Year Without Pants

Episode 202 - The convergence of application security

Josh and Kurt talk about the security of applications. We talk about the security of infrastructure all the time, but what happens when we combine infrastructure into an application or solution? https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_202_The_convergence_of_application_security.mp3 Show Notes Picture of Kurt’s security check-up Dragon controls