Open Source Security

By Josh Bressers

Category: Technology

Subscribers: 195
Reviews: 1
Episodes: 472


 Dec 13, 2018
A fairly decent dive into security related topics. The discussions are often lively and the topics relevant.

Description

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it and they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams, then learn what they do and how they do it. The goal is to hear from the people doing the work. They know what’s up, and they have a lot to teach us. We just have to listen.

Episode Date
Open Source Malware with Brian Fox
Mar 10, 2025
Open Source Foundations with Kelley Misata of Suricata
Mar 03, 2025
Forking Open Source Projects with Sheogorath
Feb 24, 2025
Patching EOL Open Source with Aaron Frost
Feb 17, 2025
Why do we keep ignoring CI security with François Proulx
Feb 10, 2025
Modern day authentication with Marc Boorshtein
Feb 03, 2025
Government Security Requirements with Dick Brooks
Jan 27, 2025
Open Source Maintenance with Gary Kramlich
Jan 20, 2025
Safety vs Security with Thomas Depierre
Jan 13, 2025
The Future of Open Source Security
Jan 01, 2025
Episode 461 - The new NIST password guidance
Dec 30, 2024
Episode 460 - Santa's Supply Chain Security
Dec 23, 2024
Episode 459 - CWE Top 25 List
Dec 16, 2024
Episode 458 - FBI endorses E2E encryption
Dec 09, 2024
Episode 457 - The D-Link D-bacle
Dec 02, 2024
Episode 456 - What if XZ happened to a company? The openness of open source
Nov 25, 2024
Episode 455 - Wordpress plugin security
Nov 18, 2024
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
Nov 11, 2024
Episode 453 - Software Liability
Nov 04, 2024
Episode 452 - All about Meshtastic
Oct 28, 2024
Episode 451 - Python security with Seth Larson
Oct 21, 2024
Episode 450 - What's Wrong With WordPress
Oct 14, 2024
Episode 449 - The CUPSpocalypse
Oct 07, 2024
Episode 448 - What's wrong with CISA?
Sep 30, 2024
Episode 447 - The Tidelift 2024 open source maintainer report
Sep 23, 2024
Episode 446 - Researchers took over .MOBI TLD
Sep 16, 2024
Episode 445 - EPSS with Jay Jacobs
Sep 09, 2024
Episode 444 - Open Source and End of Life
Sep 02, 2024
Episode 443 - The Supply Chain Security Crisis
Aug 26, 2024
Episode 442 - The foundation of society, TLS certificates are a mess
Aug 19, 2024
Episode 441 - Is CWE useful?
Aug 12, 2024
Episode 440 - "What is open source" talk Josh gave
Aug 05, 2024
Episode 439 - Where are all the youth in open source?
Jul 29, 2024
Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice
Jul 22, 2024
Episode 437 - CocoPods and proper funding for open source
Jul 15, 2024
Episode 436 - OpenSSH and node-ip - it's all exponential growth
Jul 08, 2024
Episode 435 - polyfill.io - open source is too big to fix
Jul 01, 2024
Episode 434 - Unreported vulnerabilities and everyone is getting hacked
Jun 24, 2024
Episode 433 - Should OpenSSH block misbehaving clients?
Jun 17, 2024
Episode 432 - Flipper Zero with Alex Kulagin
Jun 10, 2024
Episode 431 - Redirecting HTTP to HTTPS
Jun 03, 2024
Episode 430 - Frozen kernel security
May 27, 2024
Episode 429 - The autonomy of open source developers
May 20, 2024
Episode 428 - GitHub artifact attestation
May 13, 2024
Episode 427 - Will run0 replace sudo?
May 06, 2024
Episode 426 - Automatically exploiting CVEs with AI
Apr 29, 2024
Episode 425 - Video game cheaters, also pretendo
Apr 22, 2024
Episode 424 - The Notepad++ Parasite Website
Apr 15, 2024
Episode 423 - FCC cybersecurity label for consumer devices
Apr 08, 2024
XZ Bonus Spectacular Episode
Apr 01, 2024
Episode 422 - Do you have a security.txt file?
Apr 01, 2024
Episode 421 - CISA's new SSDF attestation form
Mar 25, 2024
Episode 420 - What's going on at NVD
Mar 18, 2024
Episode 419 - Malicious GitHub repositories
Mar 11, 2024
Episode 418 - Being right all the time is hard
Mar 04, 2024
Episode 417 - Linux Kernel security with Greg K-H
Feb 26, 2024
Episode 416 - Thomas Depierre on open source in Europe
Feb 19, 2024
Episode 415 - Reducing attack surface for less security
Feb 12, 2024
Episode 414 - The exploited ecosystem of open source
Feb 05, 2024
Episode 413 - PyTorch and NPM get attacked, but it's OK
Jan 29, 2024
Episode 412 - Blame the users for bad passwords!
Jan 22, 2024
Episode 411 - The security tools that started it all
Jan 15, 2024
Episode 410 - Package identifiers are really hard
Jan 08, 2024
Episode 409 - You wouldn't hack a train?
Jan 01, 2024
Episode 408 - Does Kubernetes need long term support?
Dec 25, 2023
Episode 407 - Should Santa use AI?
Dec 18, 2023
Episode 406 - The security of radio
Dec 11, 2023
Episode 405 - Modding games isn't cheating and security isn't fair
Dec 04, 2023
Episode 403 - Does the government banning apps work?
Nov 27, 2023
Episode 402 - The EU's eIDAS regulation is a terrible idea
Nov 20, 2023
Episode 401 - Security skills shortage - We've tried nothing and the same thing keeps happening
Nov 13, 2023
Episode 400 - When can the government hack a victim?
Nov 06, 2023
Episode 399 - Curl, Security, and Daniel Stenberg
Oct 30, 2023
Episode 398 - Is only 11% of open source maintained?
Oct 23, 2023
Episode 397 - The curl and glibc vulnerabilities
Oct 16, 2023
Episode 396 - CLAs are bad, Mkay?
Oct 09, 2023
Episode 395 - Uncertainty, trust, and security
Oct 02, 2023
Episode 394 - The lie anyone can contribute to open source
Sep 25, 2023
Episode 393 - Can you secure something you don't own?
Sep 18, 2023
Episode 392 - Curl and the calamity of CVE
Sep 11, 2023
Episode 391 - The Wordpress 100 year disaster recovery problem
Sep 04, 2023
Episode 390 - Rust shipping binaries doesn't matter
Aug 28, 2023
Episode 389 - What would HashiCorp do?
Aug 21, 2023
Episode 388 - Video game vulnerabilities
Aug 14, 2023
Episode 387 - Enterprise open source is different
Aug 07, 2023
Episode 386 - We are watching web 2.0 burn
Jul 31, 2023
Episode 385 - Is open source an insider threat?
Jul 24, 2023
Episode 384 - What's next for open source?
Jul 17, 2023
Episode 383 - Is open source dying?
Jul 10, 2023
Episode 382 - Red Hat, you were the chosen one!
Jul 03, 2023
Episode 381 - WTF Reddit, APIs and risk
Jun 26, 2023
Episode 380 - A new Sovereign Tech Fund program and the BBC on destroying hard drives
Jun 19, 2023
Episode 379 - Will open source save the world, again?
Jun 12, 2023
Episode 378 - Naming things is harder than security
Jun 05, 2023
Episode 377 - The world is changing too fast for humans to understand
May 29, 2023
Episode 376 - Open Source Summit, who built your open source, and AI
May 22, 2023
Episode 375 - The market forces of left-pad, Episode 77 remaster part 2
May 15, 2023
Episode 374 - The event we called left-pad, Episode 77 remaster part 1
May 08, 2023
Episode 373 – HHGG security, Episode 42 remaster part 2
May 01, 2023
Episode 372 - HHGG security, Episode 42 remaster part 1
Apr 24, 2023
Episode 371 - pip install is the tool we deserve but not the tool we need
Apr 17, 2023
Episode 370 - Open Source is bigger than you can imagine
Apr 10, 2023
Episode 369 - OpenAI broke ChatGPT then tried to blame open source
Apr 03, 2023
Episode 368 - The Sovereign Tech Fund with Fiona Krakenbürger
Mar 27, 2023
Episode 367 - Open source will never be the same
Mar 20, 2023
Episode 366 - Software liability is coming
Mar 13, 2023
Episode 365 - "I am not your supplier" with Thomas Depierre
Mar 06, 2023
Episode 364 - Using SBOMs is hard
Feb 27, 2023
Episode 363 - Joylynn Kirui from Microsoft on DevSecOps
Feb 20, 2023
Episode 362 - A lesson in Rust from Carol Nichols
Feb 13, 2023
Episode 361 - GitHub got pwnt, but it wasn't very exciting
Feb 06, 2023
Episode 360 - Memory safety and the NSA
Jan 30, 2023
Episode 359 - The NOTAM outage and other legacy technology
Jan 23, 2023
Episode 358 - Furby vs Alexa
Jan 16, 2023
Episode 357 - Is open source being overexploited?
Jan 09, 2023
Episode 356 - LastPass ducked up, now what?
Jan 02, 2023
Episode 355 - Security Boxing Day
Dec 26, 2022
Episode 354 - Jerry Bell tells us why Mastodon is awesome and MFA is hard
Dec 19, 2022
Episode 353 - Jill Moné-Corallo on GitHub's bug bounty program
Dec 12, 2022
Episode 352 - Stylometry removes anonymity
Dec 05, 2022
Episode 351 - Is security or usability a law of the universe?
Nov 28, 2022
Episode 350 - Spam, Email, Content Moderation, and Infrastructure Oh My
Nov 21, 2022
Episode 349 - The cyber is coming from inside the house - the UK is scanning itself
Nov 14, 2022
Episode 348 - OpenSSL is the new lead paint
Nov 07, 2022
Episode 347 - Airtags in luggage and weasel security - two peas in a suitcase
Oct 31, 2022
Episode 346 - Security and working from home have terrible things in common
Oct 24, 2022
Episode 345 - Cheap hacking devices turn security upside down
Oct 17, 2022
Episode 344 - Python tarfile - 2022 is nothing like 2007
Oct 10, 2022
Episode 343 - Stop trying to fix the open source software supply chain
Oct 03, 2022
Episode 342 - Programming languages are the new operating system
Sep 26, 2022
Episode 341 - Time till open source alternative
Sep 19, 2022
Episode 340 - Let's chat about Let's Encrypt with Josh Aas
Sep 12, 2022
Episode 339 - Is a network problem a security vulnerability
Sep 05, 2022
Episode 338 - The government didn't make vulnerabilities illegal. Yet.
Aug 29, 2022
Episode 337 - Security patches are getting worse - Dustin Childs from ZDI tells us why
Aug 22, 2022
Episode 336 - We don't have data, we have security biases
Aug 15, 2022
Episode 335 - Bull*&$% security ideas
Aug 08, 2022
Episode 334 - Leap seconds break everything
Aug 01, 2022
Episode 333 - Open Source is unfair
Jul 25, 2022
Episode 332 - PyPI: 2FA or not 2FA, that is the question
Jul 18, 2022
Episode 331 - GPG, but nothing makes sense
Jul 11, 2022
Episode 330 - The sliding scale of risk: seeing the forest for the trees
Jul 04, 2022
Episode 329 - Signing (What is it good for)
Jun 27, 2022
Episode 328 - The Security of Jobs or Job Security
Jun 20, 2022
Episode 327 - The security of alert fatigue
Jun 13, 2022
Episode 326 - Big fat containers
Jun 06, 2022
Episode 325 - Is one open source maintainer enough?
May 30, 2022
Episode 324 - WTF is up with WFH
May 23, 2022
Episode 323 - The fake 7-Zip vulnerability and SBOM
May 16, 2022
Episode 322 - Adam Shostack on the security of Star Wars
May 09, 2022
Episode 321 - Relativistic Security: Project Zero on 0day
May 02, 2022
Episode 320 - Security Twitter is not the real world
Apr 25, 2022
Episode 319 - Patch Tuesday with a capital T
Apr 18, 2022
Episode 318 - Social engineering and why zlib got a 2018 CVE ID
Apr 11, 2022
Episode 317 - The lack of compromise in security
Apr 04, 2022
Episode 316 - You have to use open source
Mar 28, 2022
Episode 315 - Who even makes all these terrible decisions?
Mar 21, 2022
Episode 314 - The Linux Dirty Pipe vulnerability
Mar 14, 2022
Episode 313 - Insecurity at scale
Mar 07, 2022
Episode 312 - The Legend of the SBOM
Feb 28, 2022
Episode 311 - Did you scan the QR code?
Feb 21, 2022
Episode 310 - Hayley Tsukayama from the EFF talks about privacy
Feb 14, 2022
Episode 309 - The bright future of open source security
Feb 07, 2022
Episode 308 - Welcome to the jungle - How to talk about open source security
Jan 31, 2022
Episode 307 - Got vulnerabilities? Introducing GSD
Jan 24, 2022
Episode 306 - Open source isn't broken, it's an experience
Jan 17, 2022
Episode 305 - Norton, Ethereum, NFT, and Apes
Jan 10, 2022
Episode 304 - Will we ever fix all the vulnerabilities?
Jan 03, 2022
Episode 303 - Log4j Christmas Spectacular!
Dec 27, 2021
Episode 302 - Log4j is a mess
Dec 20, 2021
Episode 301 - You're holding it wrong: the importance of unlearning
Dec 13, 2021
Episode 300 - Apple vs NSO: What can copyright do for you?
Dec 06, 2021
Episode 299 - Experts From A World That No Longer Exists
Nov 29, 2021
Episode 298 - David A Wheeler discusses the OpenSSF
Nov 22, 2021
Episode 297 - 25 years of smashing stacks, fun, and profit
Nov 15, 2021
Episode 296 - Is Trojan Source a vulnerability?
Nov 08, 2021
Episode 295 - Open source security isn't free
Nov 01, 2021
Episode 294 - Chris Wysopal on the state of security education
Oct 25, 2021
Episode 293 - Scoring OpenSSF Security Scoring
Oct 18, 2021
Episode 292 - Apache RCE and Twitch epic pwn
Oct 11, 2021
Episode 291 - Everyone sucks at vulnerability disclosure
Oct 04, 2021
Episode 290 - The security of the Matrix
Sep 27, 2021
Episode 289 - Who left this 0day on the floor?
Sep 20, 2021
Episode 288 - Linux Kernel compiler warnings considered dangerous
Sep 13, 2021
Episode 287 - Is GitHub's Copilot the new Clippy?
Sep 06, 2021
Episode 286 - Open source supply chain with Google's Dan Lorenc
Aug 30, 2021
Episode 285 - Open source owes you nothing!
Aug 23, 2021
Episode 284 - What happens when we DRM power tools?
Aug 16, 2021
Episode 283 - When vulnerability disclosure becomes dangerous
Aug 09, 2021
Episode 282 - The security of Rust: who left all this awesome in here?
Aug 02, 2021
Episode 281 - If you spy on journalists, you're the bad guys
Jul 26, 2021
Episode 280 - The perils of Single Sign On
Jul 19, 2021
Episode 279 - The audacity of Audacity: When open source goes rogue
Jul 12, 2021
Episode 278 - Could SELinux have stopped SolarWinds?
Jul 05, 2021
Episode 277 - Privacy and activism with Chris Weiland
Jun 28, 2021
Episode 276 - Security, behavior, and the environment
Jun 21, 2021
Episode 275 - What in the @#$% is going on with ransomware?
Jun 14, 2021
Episode 274 - Mr. Amazon's Neighborhood
Jun 07, 2021
Episode 273 - Can we stop the coming artificial unintelligence deluge?
May 31, 2021
Episode 272 - The Biden Cybersecurity Executive Order
May 24, 2021
Episode 271 - Pipeline security: There is no problem humans can't make worse
May 17, 2021
Episode 270 - Hello dark patterns my old friend
May 10, 2021
Episode 269 - Do not experiment on the Linux Kernel
May 03, 2021
Episode 268 - Can we trust any 3rd parties?
Apr 26, 2021
Episode 267 - Does 0day still mean 0day?
Apr 19, 2021
Episode 266 - The future of security scanning with Debricked
Apr 12, 2021
Episode 265 - The lies closed source can tell, open source can't
Apr 05, 2021
Episode 264 - DevSecOps with GitLab's Mark Loveless
Mar 29, 2021
Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things
Mar 22, 2021
Episode 262 - A discussion with Loris and Pop from Sysdig
Mar 15, 2021
Episode 261 - DWF is back! Welcome to community powered CVE
Mar 08, 2021
Episode 260 - Dave Jevans tells us what CipherTrace is up to
Mar 01, 2021
Episode 259 - What even is open source anymore?
Feb 22, 2021
Episode 258 - Stop using C
Feb 15, 2021
Episode 257 - The sudo and libgcrypt vulnerabilities
Feb 08, 2021
Episode 256 - 9 bits of podcast, 8 bits of computing
Feb 01, 2021
Episode 255 - What if security wasn't joyless?
Jan 25, 2021
Episode 254 - Right to Repair Security
Jan 18, 2021
Episode 253 - Defenders only need to be right once
Jan 11, 2021
Episode 252 - Is open source dangerous? Open source won, who cares, shut up!
Jan 04, 2021
Episode 251 - Communication is hard, security communication is more hard
Dec 28, 2020
Episode 250 - Door 25: Why do we do the things we do? Question everything
Dec 25, 2020
Episode 249 - Door 24: Information wants to be free
Dec 24, 2020
Episode 248 - Door 23: How to report 1000 security flaws
Dec 23, 2020
Episode 247 - Door 22: How to report one security flaw
Dec 22, 2020
Episode 246 - Door 21: Bug bounties
Dec 21, 2020
Episode 245 - Door 20: Is SMS 2FA better than no 2FA?
Dec 20, 2020
Episode 244 - Door 19: TLS certificate trust
Dec 19, 2020
Episode 243 - Door 18: Don't roll your own crypto or auth
Dec 18, 2020
Episode 242 - Door 17: Vulnerability response
Dec 17, 2020
Episode 241 - Door 16: 16 bits of change
Dec 16, 2020
Episode 240 - Door 15: Supplier compliance
Dec 15, 2020
Episode 239 - Door 14: Backdoors
Dec 14, 2020
Episode 238 - Door 13: Unlucky or survivor bias?
Dec 13, 2020
Episode 237 - Door 12: Video game hacking
Dec 12, 2020
Episode 236 - Door 11: Should you get on a 737?
Dec 11, 2020
Episode 235 - Door 10: Deciding what information matters
Dec 10, 2020
Episode 234 - Door 09: public key cryptography
Dec 09, 2020
Episode 233 - Door 08: man 8 security
Dec 08, 2020
Episode 232 - Door 07: 7 is the best prime, 2 is the dumbest
Dec 07, 2020
Episode 231 - Door 06: 6 wifi risks ... that don't actually matter
Dec 06, 2020
Episode 230 - Door 05: 5 reasons you need 24/7 robot monitoring
Dec 05, 2020
Episode 229 - Door 04: EFF's Cover Your Tracks
Dec 04, 2020
Episode 228 - Door 03: Do all vulnerabilities matter equally?
Dec 03, 2020
Episode 227 - Door 02: Marketing department or selection bias?
Dec 02, 2020
Episode 226 - Door 01: Advent calendars
Dec 01, 2020
Episode 225 - Who is responsible if IoT burns down your house?
Nov 23, 2020
Episode 224 - Are old Android devices dangerous?
Nov 16, 2020
Episode 223 - Full disclosure won, deal with it
Nov 09, 2020
Episode 222 - HashiCorp Boundary with Jeff Mitchell
Nov 02, 2020
Episode 221 - Security, magic, and FaceID
Oct 26, 2020
Episode 220 - Securing network time and IoT
Oct 19, 2020
Episode 219 - Chat with Larry Cashdollar
Oct 12, 2020
Episode 218 - The past was a terrible place
Oct 05, 2020
Episode 217 - How to tell your story with Travis Murdock
Sep 28, 2020
Episode 216 - Security didn't find life on Venus
Sep 21, 2020
Episode 215 - Real security is boring
Sep 14, 2020
Episode 213 - Security Signals: What are you telling the world
Sep 07, 2020
Episode 212 - Grab Bag: The Security We Deserve Edition
Aug 31, 2020
Episode 211 - The only thing harder than signing files is managing users
Aug 24, 2020
Episode 210 - Cult of Information Security
Aug 17, 2020
Episode 209 - Secure Boot isn't Secure
Aug 10, 2020
Episode 208 - Passwords are pollution
Aug 03, 2020
Episode 207 - Weaponized attention
Jul 27, 2020
Episode 206 - Confidential Virtual Machines; The future of cloud computing
Jul 20, 2020
Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk
Jul 13, 2020
Episode 204 - What Would Apple Do?
Jul 06, 2020
Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit
Jun 29, 2020
Episode 202 - The convergence of application security
Jun 22, 2020
Episode 201 - We broke CVSSv3, now how do we fix it?
Jun 15, 2020
Episode 200 - Talking Container Security with Liz Rice
Jun 08, 2020
Episode 199 - Special cases are special: DNS, Websockets, and CSV
Jun 01, 2020
Episode 198 - Good advice or bad advice? Hang up, look up, and call back
May 25, 2020
Episode 197 - Beer, security, and consistency; the newer, better, triad
May 17, 2020
Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu
May 11, 2020
Episode 195 - Is BGP actually insecure?
May 04, 2020
Episode 194 - Working from home security: resistance is futile
Apr 27, 2020
Episode 193 - Security lessons from space: Apollo 13 edition
Apr 20, 2020
Episode 192 - Work without progress - what Infosec can learn from treadmills
Apr 13, 2020
Episode 191 - Security scanners are all terrible
Apr 06, 2020
Episode 190 - Building a talent "ecosystem"
Apr 05, 2020
Episode 189 - Video game hackers - speedrunning
Mar 30, 2020
Episode 188 - Depressing news sucks, we're talking about cheating in video games
Mar 23, 2020
Episode 187 - Wireguard vs IPsec: the OK Boomer of security
Mar 15, 2020
Episode 186 - Endpoint security with Tony Meehan
Mar 08, 2020
Episode 185 - Is it even possible to fix open source security?
Mar 02, 2020
Episode 184 - It’s DNS. It's always DNS
Feb 24, 2020
Episode 183 - The great working from home experiment
Feb 17, 2020
Episode 182 - Does open source owe us anything?
Feb 10, 2020
Episode 181 - The security of SIM swapping
Feb 03, 2020
Episode 180 - A Tale of Two Vulnerabilities
Jan 27, 2020
Episode 179 - Google Project Zero and the 90 day clock
Jan 20, 2020
Episode 178 - Are CVEs important and will ransomware put you out of business?
Jan 13, 2020
Episode 177 - Fake or real? The security of counterfeit goods
Jan 06, 2020
Episode 176 - The 'predictions are stupid' prediction episode
Dec 30, 2019
Episode 175 - Defenders will always be one step behind
Dec 23, 2019
Episode 174 - GitHub turns security up to 11; A discussion with Rob Schultheis
Dec 16, 2019
Episode 173 - Ho Ho Homeland Security
Dec 09, 2019
Episode 172 - The security of planned obsolescence
Dec 02, 2019
Episode 171 - Measuring cybersecurity with Kathryn Waldron
Nov 25, 2019
Episode 170 - Until that quantum computer is cracking RSA keys, go sit back down!
Nov 17, 2019
Episode 169 - What happens when leadership doesn't care about security?
Nov 11, 2019
Episode 168 - The draconian draconians of DRM
Nov 03, 2019
Episode 167 - Security is terrible because digital literacy is terrible
Oct 28, 2019
Episode 166 - Every day should be cybersecurity awareness month!
Oct 21, 2019
Episode 165 - Grab Bag of Microsoft Security News
Oct 13, 2019
Episode 164 - DNS over HTTPS: Probably not the end of the world
Oct 07, 2019
Episode 163 - Death to Python 2
Sep 30, 2019
Episode 162 - SBOM with Allan Friedman
Sep 23, 2019
Episode 161 - Human nature and ad powered open source
Sep 16, 2019
Episode 160 - Disclosing security issues is insanely complicated: Part 2
Sep 09, 2019
Episode 159 - Disclosing security issues is insanely complicated: Part 1
Sep 02, 2019
Episode 158 - The mess that we call credit agencies in the US
Aug 26, 2019
Episode 157 - Backdoors and snake oil in our cryptography
Aug 19, 2019
Episode 156 - What if we MitM a whole country?
Jul 29, 2019
Episode 155 - Stealing cars and ransomware
Jul 22, 2019
Episode 154 - Chat with the authors of the book "The Fifth Domain"
Jul 16, 2019
Episode 153 - The unexpected security of AI, photographs, and VPN
Jul 08, 2019
Episode 152 - Tavis breaks the world ... again
Jul 01, 2019
Episode 151 - The DARPA Cyber Grand Challenge with David Brumley
Jun 24, 2019
Episode 150 - Our ad funded dystopian present
Jun 17, 2019
Episode 149 - Chat with Michael Coates about data security
Jun 10, 2019
Episode 148 - You just got pwnt, what now?
Jun 03, 2019
Episode 147 - Scams and operations as part of the supply chain
May 27, 2019
Episode 146 - What the @#$% happened to Microsoft?
May 20, 2019
Episode 145 - What do security and fire have in common?
May 13, 2019
Episode 144 - The security of money, which one is best?
May 06, 2019
Episode 143 - Security lessons from the phone book
Apr 29, 2019
Episode 142 - Hypothetical security: what if you find a USB flash drive?
Apr 21, 2019
Episode 141 - Timezones are hard, security is harder
Apr 15, 2019
Episode 140 - Good enough security is a pretty high bar
Apr 08, 2019
Episode 139 - Secure voting, firefox send, and toxic comments on the internet
Apr 01, 2019
Episode 138 - Information wants to be free
Mar 25, 2019
Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!
Mar 18, 2019
Episode 137 - When the IoT attacks!
Mar 11, 2019
Episode 136 - How people feel is more important than being right
Mar 04, 2019
Episode 135 - Passwords, AI, and cloud strategy
Feb 25, 2019
Episode 134 - What's up with the container runc security flaw?
Feb 18, 2019
Episode 133 - Smart locks and the government hacking devices
Feb 11, 2019
Episode 132 - Bird Scooter: 0, Cory Doctorow: 1
Feb 04, 2019
Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse
Jan 28, 2019
Episode 130 - Chat with Snyk co-founder Danny Grander
Jan 21, 2019
Episode 129 - The EU bug bounty program
Jan 14, 2019
Episode 128 - Australia's encryption backdoor bill
Jan 07, 2019
2018 Christmas Special - Is Santa GDPR compliant?
Dec 24, 2018
Episode 127 - Walled gardens, appstores, and more
Dec 17, 2018
Episode 126 - The not so dire future of supply chain security
Dec 10, 2018
Episode 125 - Open Source, supply chains, npm, and you
Dec 03, 2018
Episode 124 - Cloudflare's service workers and the economics of security
Nov 26, 2018
Episode 123 - Talking about Kubernetes and container security with Liz Rice
Nov 19, 2018
Episode 122 - What will Apple's T2 chip mean for the rest of us?
Nov 12, 2018
Episode 121 - All about the security of voting
Nov 05, 2018
Episode 120 - Bloomberg and hardware backdoors - it's already happening
Oct 29, 2018
Episode 119 - The Google+ and Facebook incidents, it's not your data anymore
Oct 22, 2018
Episode 118 - Cloudflare's IPFS and onion service
Oct 15, 2018
Episode 117 - Will security follow Linus' lead on being nice?
Oct 08, 2018
Episode 116 - The future of the CISO with Michael Piacente
Oct 01, 2018
Episode 115 - Discussion with Brian Hajost from SteelCloud
Sep 24, 2018
Episode 114 - Review of "Click Here to Kill Everybody"
Sep 17, 2018
Episode 113 - Actual real security advice
Sep 10, 2018
Episode 112 - Google's Titan Key and the latest Struts issue
Sep 03, 2018
Episode 111 - The TLS 1.3 and DNS episode
Aug 27, 2018
Episode 110 - Review of Black Hat, Defcon, and the effect of security policies
Aug 19, 2018
Episode 109 - OSCon and actionable advice
Aug 13, 2018
Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor
Aug 06, 2018
Episode 107 - The year of the Linux Desktop and other hardware stories
Jul 30, 2018
Episode 106 - Data isn't oil, it's nuclear waste
Jul 23, 2018
Episode 105 - More backdoors in open source
Jul 16, 2018
Episode 104 - The Gentoo security incident
Jul 09, 2018
Episode 103 - The Seven Properties of Highly Secure Devices
Jul 02, 2018
Episode 102 - Michael Feiertag from tCell
Jun 25, 2018
Episode 101 - Our unregulated future is here to stay
Jun 17, 2018
Episode 100 - You're bad at buying security, we can help!
Jun 11, 2018
Episode 99 - Consumer security is too broken to fix, and it doesn't matter
Jun 04, 2018
Episode 98 - When IT decisions kill people
May 28, 2018
Episode 97 - Automation: Humans are slow and dumb
May 20, 2018
Episode 96 - Are legal backdoors a good idea?
May 11, 2018
Episode 95 - Twitter passwords and npm backdoors
May 07, 2018
Episode 94 - DNSSEC, BGP, and reality
Apr 30, 2018
Episode 93 - Security flaws in beep and patch, how did we get here?
Apr 15, 2018
Episode 92 - Chat with Rami Saas the CEO of WhiteSource
Apr 15, 2018
Episode 91 - Security lessons from a 7 year old
Apr 08, 2018
Episode 90 - Humans and misinformation
Apr 02, 2018
Episode 89 - Short selling AMD security flaws
Mar 25, 2018
Episode 88 - Chat with Chris Rosen from IBM about Container Security
Mar 18, 2018
Episode 87 - Chat with Let's Encrypt co-founder Josh Aas
Mar 11, 2018
Episode 86 - What happens when 23 thousand certificates leak?
Mar 03, 2018
Episode 85 - NPM ate my files
Feb 23, 2018
Episode 84 - Have I been pwned?
Feb 23, 2018
Episode 83 - XKCD + CVE = XKCVE
Feb 21, 2018
Episode 82 - RSA, TLS, Chrome HTTP, and PCI
Feb 13, 2018
Episode 81 - Autosploit, bug bounties, and the future of security
Feb 07, 2018
Episode 80 - GPS tracking and jamming
Jan 31, 2018
Episode 79 - Skyfall: please don't yell 'fire'
Jan 24, 2018
Episode 78 - Risk lessons from Hawaii
Jan 16, 2018
Episode 77 - npm and the supply chain
Jan 10, 2018
Episode 76 - Meltdown aftermath
Jan 07, 2018
Episode 75 - Security Planner review
Dec 19, 2017
Episode 74 - Facial recognition and physical security
Dec 13, 2017
Episode 73 - Security from Santa
Dec 06, 2017
Episode 72 - Bitcoin: It's over 9000
Nov 28, 2017
Episode 71 - GitHub's Security Scanner
Nov 21, 2017
Episode 70 - The security of Intel ME
Nov 14, 2017
Episode 69 - Actionable security advice
Nov 07, 2017
Episode 68 - Ruining the Internet
Nov 01, 2017
Episode 67 - Cyber won
Oct 24, 2017
Episode 66 - Objects in mirror are less terrible than they appear
Oct 15, 2017
Episode 65 - Will aliens overthrow us before AI?
Oct 09, 2017
Episode 64 - Networks and Dnsmasq and IoT oh my
Oct 03, 2017
Episode 63 - Shoot, Shovel, and Bury
Sep 26, 2017
Episode 62 - All about the Equifax hack
Sep 11, 2017
Episode 61 - Market driven security
Sep 05, 2017
Episode 60 - The official blockchain episode
Aug 30, 2017
Episode 59 - The VPN Episode
Aug 15, 2017
Episode 58 - Backwards compatibility to the point of insanity
Aug 09, 2017
Episode 57 - We may never see amazing security research ever again
Aug 01, 2017
Episode 56 - Devil's Advocate and other fuzzy topics
Jul 18, 2017
Episode 55 - Good Docs Ruin My Story
Jul 12, 2017
Episode 54 - Turning Into An Old Person
Jul 04, 2017
Episode 53 - A Plane Isn't Like A Car
Jun 28, 2017
Episode 52 - You Could Have Done It Right, But You Didn't
Jun 20, 2017
Episode 51 - All About CVE
Jun 12, 2017
Episode 50 - This Is A Security Podcast After All
Jun 06, 2017
Episode 49 - Testing Software Is Impossible
May 30, 2017
Episode 48 - Machine Learning: Not Actually Magic
May 21, 2017
Episode 47 - WannaCry: Everything Is Basically Broken
May 14, 2017
Episode 46 - Turns Out I'm Not A Bad Guy
May 04, 2017
Episode 45 - Trust Is More Important Now Than The Truth
May 02, 2017
Episode 44 - Bug Bounties Vs Pen Testing
Apr 25, 2017
Episode 43 - We Are Totally Immature
Apr 19, 2017
Episode 42 - Hitchhiker's Guide To Security
Apr 13, 2017
Episode 41 - All Your Money Are Belong To Us
Apr 10, 2017
Episode 40 - Let's Fork Bitcoin, Again
Apr 02, 2017
Episode 39 - Flash On Your Dishwasher
Mar 28, 2017
Episode 38 - We Ruin Everything
Mar 22, 2017
Episode 37 - Your Bathtub Is More Dangerous Than A Shark
Mar 09, 2017
Episode 36 - A Good Enough Podcast
Mar 05, 2017
Episode 35 - Crazy Cosmic Accident
Feb 28, 2017
Episode 34 - Bathing In Ebola Virus
Feb 22, 2017
Episode 33 - Everybody Who Went To The Circus Is In The Circus (RSA 2017)
Feb 15, 2017
Episode 32 - Gambling As A Service
Feb 08, 2017
Episode 31 - XML Is Never The Solution
Feb 01, 2017
Episode 30 - I'm Not An Expert But I've Been Yelled At By Experts
Jan 25, 2017
Episode 29 - The Security Of Rogue One
Jan 22, 2017
Episode 28 - RSA Conference 2017
Jan 19, 2017
Episode 27 - Prove To Me You Are Human
Jan 16, 2017
Episode 26 - Tell Your Sister, Stallman Was Right
Jan 12, 2017
Episode 25 - The Future Is Now
Jan 09, 2017
Episode 24 - The 2016 Prediction Edition
Jan 03, 2017
Episode 23 - We Can't Patch People
Dec 28, 2016
Episode 22 - IoT Wild West
Dec 24, 2016
Episode 21 - CVE 10K Extravaganza
Dec 21, 2016
Episode 20 - The Death Of PGP
Dec 19, 2016
Episode 19 - A Field Full Of Razor Blades And Monsters
Dec 13, 2016
Episode 18 - The Security Of Santa
Dec 09, 2016
Episode 17 - Cyphercon Interview With Korgo
Dec 06, 2016
Episode 16 - Cat And Mouse
Dec 02, 2016
Episode 15 - Cyber Black Monday
Nov 29, 2016
Episode 14 - David A Wheeler: CII Badges
Nov 22, 2016
Episode 13 - CVE: The Metric System Of Security
Nov 18, 2016
Episode 12 - Security Trebuchet
Nov 10, 2016
Episode 11 - The Poison Candy Episode
Oct 31, 2016
Episode 10 - The Super Botnet That Nobody Can Stop
Oct 24, 2016
Episode 9 - Are Bug Bounties Measuring The Wrong Things
Oct 18, 2016
Episode 8 - The Primality Of Prime Numbers
Oct 11, 2016
Episode 7 - More Powerful Than Root
Oct 03, 2016
Episode 6 - Foundational Knowledge Of Security
Sep 29, 2016
Episode 5 - OpenSSL: The Library We Deserve
Sep 29, 2016
Episode 4 - Dead Squirrel In A Box
Sep 21, 2016
Episode 3 - The Lockpicking Sewing Circle
Sep 13, 2016
Episode 2 - Instills The Proper Amount Of Fear
Sep 07, 2016
Episode 1 - Rich History Of Security Flaws
Sep 06, 2016