Open Source Security Podcast

Dec 26, 2022

Josh and Kurt talk about some security gifts for boxing day. We start out with the idea of the security poverty line and discuss a few ideas for how a low resource group can make their open source more secure. There are no simple answers unfortunately.

Show Notes

• Wendy Nather
• Security Poverty Line
• Boots...

Dec 19, 2022

Josh and Kurt talk about how hard multi factor authentication is. This all starts from a Mastodon thread, and Jerry Bell, the administrator of infosec.exchange joins us to discuss password security and all things Mastodon. Infosec.exchange is an incredible story and Jerry weaves a thrilling tale.

Show Notes

Dec 12, 2022

Josh and Kurt talk to Jill Moné-Corallo about GitHub's bug bounty and product security team. It's a treat to discuss bug bounties with someone who is managing a very large bug bounty for one of the most important web sites in the world of software today.

Show Notes

• Jill's Twitter
• Jill's Mastodon
• GitHub Bug Bounty
• Bug...

Dec 5, 2022

Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it's also not unexpected. The amount of power and tooling available now is incredible. We also discuss some of the future challenges we will see from...

Nov 28, 2022

Josh and Kurt talk about end to end encrypted messages. This has been a popular topic lately due to the Mastodon popularity. Mastodon has a uniquely insecure messaging system, but they aren't the only one. The eternal debate of can security and usability exist together? We suspect it can't be, but it's a very...