Preview Mode Links will not work in preview mode

Open Source Security Podcast

May 30, 2022

Josh and Kurt talk about a recent OpenSSF issue that asks the question how many open source maintainers should a project have that's "healthy"? Josh did some research that shows the overwhelming majority of packages have one maintainer. What does that mean?

Show Notes


May 23, 2022

Josh and Kurt talk about the whole work from home debate. It seems like there are a lot of very silly excuses why working from home is bad. We've both been working from home for a long time and have a chat about the topic. There's not much security in this one, but it is a fun discussion.

Show Notes


May 16, 2022

Josh and Kurt talk about a fake 7-Zip security report. It's pretty clear that everyone is running open source all the time. We end on some thoughts around what SBOM is good for, and who should be responsible for them.

Show Notes


May 9, 2022

Josh and Kurt talk to Adam Shostack about his new book "Threats: What Every Engineer Should Learn From Star Wars". We discuss some of the lessons and threats in the Star Wars universe, it's an old code I hear. We also discuss if Star Wars is a better than Star Trek for teaching security (it probably is). It's a...


May 2, 2022

Josh and Kurt talk about the Google Project Zero blog post about 0day vulnerabilities in 2021. There were a lot more than ever before, but why? Part of the challenge is the whole industry is expanding while a lot of our security technologies are not. When the universe around you is expanding but you're staying the...