Open Source Security
By Josh Bressers
Listen to a podcast, please open Podcast Republic app. Available on Google Play Store and Apple App Store.
Image by Josh Bressers
Category: Technology
Open in Apple Podcasts
Open RSS feed
Open Website
Rate for this podcast
Subscribers: 195
Reviews: 1
Episodes: 473
Dec 13, 2018
A fairly decent dive into security related topics. The discussions are often lively and the topics relevant.
Description
Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works.
There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.
| Episode | Date |
|---|---|
|
CRA with Luis Villa
|
Mar 17, 2025 |
|
Open Source Malware with Brian Fox
|
Mar 10, 2025 |
|
Open Source Foundations with Kelley Misata of Suricata
|
Mar 03, 2025 |
|
Forking Open Source Projects with Sheogorath
|
Feb 24, 2025 |
|
Patching EOL Open Source with Aaron Frost
|
Feb 17, 2025 |
|
Why do we keep ignoring CI security with François Proulx
|
Feb 10, 2025 |
|
Modern day authentication with Marc Boorshtein
|
Feb 03, 2025 |
|
Government Security Requirements with Dick Brooks
|
Jan 27, 2025 |
|
Open Source Maintenance with Gary Kramlich
|
Jan 20, 2025 |
|
Safety vs Security with Thomas Depierre
|
Jan 13, 2025 |
|
The Future of Open Source Security
|
Jan 01, 2025 |
|
Episode 461 - The new NIST password guidance
|
Dec 30, 2024 |
|
Episode 460 - Santa's Supply Chain Security
|
Dec 23, 2024 |
|
Episode 459 - CWE Top 25 List
|
Dec 16, 2024 |
|
Episode 458 - FBI endorses E2E encryption
|
Dec 09, 2024 |
|
Episode 457 - The D-Link D-bacle
|
Dec 02, 2024 |
|
Episode 456 - What if XZ happened to a company? The openness of open source
|
Nov 25, 2024 |
|
Episode 455 - Wordpress plugin security
|
Nov 18, 2024 |
|
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
|
Nov 11, 2024 |
|
Episode 453 - Software Liability
|
Nov 04, 2024 |
|
Episode 452 - All about Meshtastic
|
Oct 28, 2024 |
|
Episode 451 - Python security with Seth Larson
|
Oct 21, 2024 |
|
Episode 450 - What's Wrong With WordPress
|
Oct 14, 2024 |
|
Episode 449 - The CUPSpocalypse
|
Oct 07, 2024 |
|
Episode 448 - What's wrong with CISA?
|
Sep 30, 2024 |
|
Episode 447 - The Tidelift 2024 open source maintainer report
|
Sep 23, 2024 |
|
Episode 446 - Researchers took over .MOBI TLD
|
Sep 16, 2024 |
|
Episode 445 - EPSS with Jay Jacobs
|
Sep 09, 2024 |
|
Episode 444 - Open Source and End of Life
|
Sep 02, 2024 |
|
Episode 443 - The Supply Chain Security Crisis
|
Aug 26, 2024 |
|
Episode 442 - The foundation of society, TLS certificates are a mess
|
Aug 19, 2024 |
|
Episode 441 - Is CWE useful?
|
Aug 12, 2024 |
|
Episode 440 - "What is open source" talk Josh gave
|
Aug 05, 2024 |
|
Episode 439 - Where are all the youth in open source?
|
Jul 29, 2024 |
|
Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice
|
Jul 22, 2024 |
|
Episode 437 - CocoPods and proper funding for open source
|
Jul 15, 2024 |
|
Episode 436 - OpenSSH and node-ip - it's all exponential growth
|
Jul 08, 2024 |
|
Episode 435 - polyfill.io - open source is too big to fix
|
Jul 01, 2024 |
|
Episode 434 - Unreported vulnerabilities and everyone is getting hacked
|
Jun 24, 2024 |
|
Episode 433 - Should OpenSSH block misbehaving clients?
|
Jun 17, 2024 |
|
Episode 432 - Flipper Zero with Alex Kulagin
|
Jun 10, 2024 |
|
Episode 431 - Redirecting HTTP to HTTPS
|
Jun 03, 2024 |
|
Episode 430 - Frozen kernel security
|
May 27, 2024 |
|
Episode 429 - The autonomy of open source developers
|
May 20, 2024 |
|
Episode 428 - GitHub artifact attestation
|
May 13, 2024 |
|
Episode 427 - Will run0 replace sudo?
|
May 06, 2024 |
|
Episode 426 - Automatically exploiting CVEs with AI
|
Apr 29, 2024 |
|
Episode 425 - Video game cheaters, also pretendo
|
Apr 22, 2024 |
|
Episode 424 - The Notepad++ Parasite Website
|
Apr 15, 2024 |
|
Episode 423 - FCC cybersecurity label for consumer devices
|
Apr 08, 2024 |
|
XZ Bonus Spectacular Episode
|
Apr 01, 2024 |
|
Episode 422 - Do you have a security.txt file?
|
Apr 01, 2024 |
|
Episode 421 - CISA's new SSDF attestation form
|
Mar 25, 2024 |
|
Episode 420 - What's going on at NVD
|
Mar 18, 2024 |
|
Episode 419 - Malicious GitHub repositories
|
Mar 11, 2024 |
|
Episode 418 - Being right all the time is hard
|
Mar 04, 2024 |
|
Episode 417 - Linux Kernel security with Greg K-H
|
Feb 26, 2024 |
|
Episode 416 - Thomas Depierre on open source in Europe
|
Feb 19, 2024 |
|
Episode 415 - Reducing attack surface for less security
|
Feb 12, 2024 |
|
Episode 414 - The exploited ecosystem of open source
|
Feb 05, 2024 |
|
Episode 413 - PyTorch and NPM get attacked, but it's OK
|
Jan 29, 2024 |
|
Episode 412 - Blame the users for bad passwords!
|
Jan 22, 2024 |
|
Episode 411 - The security tools that started it all
|
Jan 15, 2024 |
|
Episode 410 - Package identifiers are really hard
|
Jan 08, 2024 |
|
Episode 409 - You wouldn't hack a train?
|
Jan 01, 2024 |
|
Episode 408 - Does Kubernetes need long term support?
|
Dec 25, 2023 |
|
Episode 407 - Should Santa use AI?
|
Dec 18, 2023 |
|
Episode 406 - The security of radio
|
Dec 11, 2023 |
|
Episode 405 - Modding games isn't cheating and security isn't fair
|
Dec 04, 2023 |
|
Episode 403 - Does the government banning apps work?
|
Nov 27, 2023 |
|
Episode 402 - The EU's eIDAS regulation is a terrible idea
|
Nov 20, 2023 |
|
Episode 401 - Security skills shortage - We've tried nothing and the same thing keeps happening
|
Nov 13, 2023 |
|
Episode 400 - When can the government hack a victim?
|
Nov 06, 2023 |
|
Episode 399 - Curl, Security, and Daniel Stenberg
|
Oct 30, 2023 |
|
Episode 398 - Is only 11% of open source maintained?
|
Oct 23, 2023 |
|
Episode 397 - The curl and glibc vulnerabilities
|
Oct 16, 2023 |
|
Episode 396 - CLAs are bad, Mkay?
|
Oct 09, 2023 |
|
Episode 395 - Uncertainty, trust, and security
|
Oct 02, 2023 |
|
Episode 394 - The lie anyone can contribute to open source
|
Sep 25, 2023 |
|
Episode 393 - Can you secure something you don't own?
|
Sep 18, 2023 |
|
Episode 392 - Curl and the calamity of CVE
|
Sep 11, 2023 |
|
Episode 391 - The Wordpress 100 year disaster recovery problem
|
Sep 04, 2023 |
|
Episode 390 - Rust shipping binaries doesn't matter
|
Aug 28, 2023 |
|
Episode 389 - What would HashiCorp do?
|
Aug 21, 2023 |
|
Episode 388 - Video game vulnerabilities
|
Aug 14, 2023 |
|
Episode 387 - Enterprise open source is different
|
Aug 07, 2023 |
|
Episode 386 - We are watching web 2.0 burn
|
Jul 31, 2023 |
|
Episode 385 - Is open source an insider threat?
|
Jul 24, 2023 |
|
Episode 384 - What's next for open source?
|
Jul 17, 2023 |
|
Episode 383 - Is open source dying?
|
Jul 10, 2023 |
|
Episode 382 - Red Hat, you were the chosen one!
|
Jul 03, 2023 |
|
Episode 381 - WTF Reddit, APIs and risk
|
Jun 26, 2023 |
|
Episode 380 - A new Sovereign Tech Fund program and the BBC on destroying hard drives
|
Jun 19, 2023 |
|
Episode 379 - Will open source save the world, again?
|
Jun 12, 2023 |
|
Episode 378 - Naming things is harder than security
|
Jun 05, 2023 |
|
Episode 377 - The world is changing too fast for humans to understand
|
May 29, 2023 |
|
Episode 376 - Open Source Summit, who built your open source, and AI
|
May 22, 2023 |
|
Episode 375 - The market forces of left-pad, Episode 77 remaster part 2
|
May 15, 2023 |
|
Episode 374 - The event we called left-pad, Episode 77 remaster part 1
|
May 08, 2023 |
|
Episode 373 – HHGG security, Episode 42 remaster part 2
|
May 01, 2023 |
|
Episode 372 - HHGG security, Episode 42 remaster part 1
|
Apr 24, 2023 |
|
Episode 371 - pip install is the tool we deserve but not the tool we need
|
Apr 17, 2023 |
|
Episode 370 - Open Source is bigger than you can imagine
|
Apr 10, 2023 |
|
Episode 369 - OpenAI broke ChatGPT then tried to blame open source
|
Apr 03, 2023 |
|
Episode 368 - The Sovereign Tech Fund with Fiona Krakenbürger
|
Mar 27, 2023 |
|
Episode 367 - Open source will never be the same
|
Mar 20, 2023 |
|
Episode 366 - Software liability is coming
|
Mar 13, 2023 |
|
Episode 365 - "I am not your supplier" with Thomas Depierre
|
Mar 06, 2023 |
|
Episode 364 - Using SBOMs is hard
|
Feb 27, 2023 |
|
Episode 363 - Joylynn Kirui from Microsoft on DevSecOps
|
Feb 20, 2023 |
|
Episode 362 - A lesson in Rust from Carol Nichols
|
Feb 13, 2023 |
|
Episode 361 - GitHub got pwnt, but it wasn't very exciting
|
Feb 06, 2023 |
|
Episode 360 - Memory safety and the NSA
|
Jan 30, 2023 |
|
Episode 359 - The NOTAM outage and other legacy technology
|
Jan 23, 2023 |
|
Episode 358 - Furby vs Alexa
|
Jan 16, 2023 |
|
Episode 357 - Is open source being overexploited?
|
Jan 09, 2023 |
|
Episode 356 - LastPass ducked up, now what?
|
Jan 02, 2023 |
|
Episode 355 - Security Boxing Day
|
Dec 26, 2022 |
|
Episode 354 - Jerry Bell tells us why Mastodon is awesome and MFA is hard
|
Dec 19, 2022 |
|
Episode 353 - Jill Moné-Corallo on GitHub's bug bounty program
|
Dec 12, 2022 |
|
Episode 352 - Stylometry removes anonymity
|
Dec 05, 2022 |
|
Episode 351 - Is security or usability a law of the universe?
|
Nov 28, 2022 |
|
Episode 350 - Spam, Email, Content Moderation, and Infrastructure Oh My
|
Nov 21, 2022 |
|
Episode 349 - The cyber is coming from inside the house - the UK is scanning itself
|
Nov 14, 2022 |
|
Episode 348 - OpenSSL is the new lead paint
|
Nov 07, 2022 |
|
Episode 347 - Airtags in luggage and weasel security - two peas in a suitcase
|
Oct 31, 2022 |
|
Episode 346 - Security and working from home have terrible things in common
|
Oct 24, 2022 |
|
Episode 345 - Cheap hacking devices turn security upside down
|
Oct 17, 2022 |
|
Episode 344 - Python tarfile - 2022 is nothing like 2007
|
Oct 10, 2022 |
|
Episode 343 - Stop trying to fix the open source software supply chain
|
Oct 03, 2022 |
|
Episode 342 - Programming languages are the new operating system
|
Sep 26, 2022 |
|
Episode 341 - Time till open source alternative
|
Sep 19, 2022 |
|
Episode 340 - Let's chat about Let's Encrypt with Josh Aas
|
Sep 12, 2022 |
|
Episode 339 - Is a network problem a security vulnerability
|
Sep 05, 2022 |
|
Episode 338 - The government didn't make vulnerabilities illegal. Yet.
|
Aug 29, 2022 |
|
Episode 337 - Security patches are getting worse - Dustin Childs from ZDI tells us why
|
Aug 22, 2022 |
|
Episode 336 - We don't have data, we have security biases
|
Aug 15, 2022 |
|
Episode 335 - Bull*&$% security ideas
|
Aug 08, 2022 |
|
Episode 334 - Leap seconds break everything
|
Aug 01, 2022 |
|
Episode 333 - Open Source is unfair
|
Jul 25, 2022 |
|
Episode 332 - PyPI: 2FA or not 2FA, that is the question
|
Jul 18, 2022 |
|
Episode 331 - GPG, but nothing makes sense
|
Jul 11, 2022 |
|
Episode 330 - The sliding scale of risk: seeing the forest for the trees
|
Jul 04, 2022 |
|
Episode 329 - Signing (What is it good for)
|
Jun 27, 2022 |
|
Episode 328 - The Security of Jobs or Job Security
|
Jun 20, 2022 |
|
Episode 327 - The security of alert fatigue
|
Jun 13, 2022 |
|
Episode 326 - Big fat containers
|
Jun 06, 2022 |
|
Episode 325 - Is one open source maintainer enough?
|
May 30, 2022 |
|
Episode 324 - WTF is up with WFH
|
May 23, 2022 |
|
Episode 323 - The fake 7-Zip vulnerability and SBOM
|
May 16, 2022 |
|
Episode 322 - Adam Shostack on the security of Star Wars
|
May 09, 2022 |
|
Episode 321 - Relativistic Security: Project Zero on 0day
|
May 02, 2022 |
|
Episode 320 - Security Twitter is not the real world
|
Apr 25, 2022 |
|
Episode 319 - Patch Tuesday with a capital T
|
Apr 18, 2022 |
|
Episode 318 - Social engineering and why zlib got a 2018 CVE ID
|
Apr 11, 2022 |
|
Episode 317 - The lack of compromise in security
|
Apr 04, 2022 |
|
Episode 316 - You have to use open source
|
Mar 28, 2022 |
|
Episode 315 - Who even makes all these terrible decisions?
|
Mar 21, 2022 |
|
Episode 314 - The Linux Dirty Pipe vulnerability
|
Mar 14, 2022 |
|
Episode 313 - Insecurity at scale
|
Mar 07, 2022 |
|
Episode 312 - The Legend of the SBOM
|
Feb 28, 2022 |
|
Episode 311 - Did you scan the QR code?
|
Feb 21, 2022 |
|
Episode 310 - Hayley Tsukayama from the EFF talks about privacy
|
Feb 14, 2022 |
|
Episode 309 - The bright future of open source security
|
Feb 07, 2022 |
|
Episode 308 - Welcome to the jungle - How to talk about open source security
|
Jan 31, 2022 |
|
Episode 307 - Got vulnerabilities? Introducing GSD
|
Jan 24, 2022 |
|
Episode 306 - Open source isn't broken, it's an experience
|
Jan 17, 2022 |
|
Episode 305 - Norton, Ethereum, NFT, and Apes
|
Jan 10, 2022 |
|
Episode 304 - Will we ever fix all the vulnerabilities?
|
Jan 03, 2022 |
|
Episode 303 - Log4j Christmas Spectacular!
|
Dec 27, 2021 |
|
Episode 302 - Log4j is a mess
|
Dec 20, 2021 |
|
Episode 301 - You're holding it wrong: the importance of unlearning
|
Dec 13, 2021 |
|
Episode 300 - Apple vs NSO: What can copyright do for you?
|
Dec 06, 2021 |
|
Episode 299 - Experts From A World That No Longer Exists
|
Nov 29, 2021 |
|
Episode 298 - David A Wheeler discusses the OpenSSF
|
Nov 22, 2021 |
|
Episode 297 - 25 years of smashing stacks, fun, and profit
|
Nov 15, 2021 |
|
Episode 296 - Is Trojan Source a vulnerability?
|
Nov 08, 2021 |
|
Episode 295 - Open source security isn't free
|
Nov 01, 2021 |
|
Episode 294 - Chris Wysopal on the state of security education
|
Oct 25, 2021 |
|
Episode 293 - Scoring OpenSSF Security Scoring
|
Oct 18, 2021 |
|
Episode 292 - Apache RCE and Twitch epic pwn
|
Oct 11, 2021 |
|
Episode 291 - Everyone sucks at vulnerability disclosure
|
Oct 04, 2021 |
|
Episode 290 - The security of the Matrix
|
Sep 27, 2021 |
|
Episode 289 - Who left this 0day on the floor?
|
Sep 20, 2021 |
|
Episode 288 - Linux Kernel compiler warnings considered dangerous
|
Sep 13, 2021 |
|
Episode 287 - Is GitHub's Copilot the new Clippy?
|
Sep 06, 2021 |
|
Episode 286 - Open source supply chain with Google's Dan Lorenc
|
Aug 30, 2021 |
|
Episode 285 - Open source owes you nothing!
|
Aug 23, 2021 |
|
Episode 284 - What happens when we DRM power tools?
|
Aug 16, 2021 |
|
Episode 283 - When vulnerability disclosure becomes dangerous
|
Aug 09, 2021 |
|
Episode 282 - The security of Rust: who left all this awesome in here?
|
Aug 02, 2021 |
|
Episode 281 - If you spy on journalists, you're the bad guys
|
Jul 26, 2021 |
|
Episode 280 - The perils of Single Sign On
|
Jul 19, 2021 |
|
Episode 279 - The audacity of Audacity: When open source goes rogue
|
Jul 12, 2021 |
|
Episode 278 - Could SELinux have stopped SolarWinds?
|
Jul 05, 2021 |
|
Episode 277 - Privacy and activism with Chris Weiland
|
Jun 28, 2021 |
|
Episode 276 - Security, behavior, and the environment
|
Jun 21, 2021 |
|
Episode 275 - What in the @#$% is going on with ransomware?
|
Jun 14, 2021 |
|
Episode 274 - Mr. Amazon's Neighborhood
|
Jun 07, 2021 |
|
Episode 273 - Can we stop the coming artificial unintelligence deluge?
|
May 31, 2021 |
|
Episode 272 - The Biden Cybersecurity Executive Order
|
May 24, 2021 |
|
Episode 271 - Pipeline security: There is no problem humans can't make worse
|
May 17, 2021 |
|
Episode 270 - Hello dark patterns my old friend
|
May 10, 2021 |
|
Episode 269 - Do not experiment on the Linux Kernel
|
May 03, 2021 |
|
Episode 268 - Can we trust any 3rd parties?
|
Apr 26, 2021 |
|
Episode 267 - Does 0day still mean 0day?
|
Apr 19, 2021 |
|
Episode 266 - The future of security scanning with Debricked
|
Apr 12, 2021 |
|
Episode 265 - The lies closed source can tell, open source can't
|
Apr 05, 2021 |
|
Episode 264 - DevSecOps with GitLab's Mark Loveless
|
Mar 29, 2021 |
|
Episode 263 - GitHub pulls exploits, LinuxFoundation sign all the things
|
Mar 22, 2021 |
|
Episode 262 - A discussion with Loris and Pop from Sysdig
|
Mar 15, 2021 |
|
Episode 261 - DWF is back! Welcome to community powered CVE
|
Mar 08, 2021 |
|
Episode 260 - Dave Jevans tells us what CipherTrace is up to
|
Mar 01, 2021 |
|
Episode 259 - What even is open source anymore?
|
Feb 22, 2021 |
|
Episode 258 - Stop using C
|
Feb 15, 2021 |
|
Episode 257 - The sudo and libgcrypt vulnerabilities
|
Feb 08, 2021 |
|
Episode 256 - 9 bits of podcast, 8 bits of computing
|
Feb 01, 2021 |
|
Episode 255 - What if security wasn't joyless?
|
Jan 25, 2021 |
|
Episode 254 - Right to Repair Security
|
Jan 18, 2021 |
|
Episode 253 - Defenders only need to be right once
|
Jan 11, 2021 |
|
Episode 252 - Is open source dangerous? Open source won, who cares, shut up!
|
Jan 04, 2021 |
|
Episode 251 - Communication is hard, security communication is more hard
|
Dec 28, 2020 |
|
Episode 250 - Door 25: Why do we do the things we do? Question everything
|
Dec 25, 2020 |
|
Episode 249 - Door 24: Information wants to be free
|
Dec 24, 2020 |
|
Episode 248 - Door 23: How to report 1000 security flaws
|
Dec 23, 2020 |
|
Episode 247 - Door 22: How to report one security flaw
|
Dec 22, 2020 |
|
Episode 246 - Door 21: Bug bounties
|
Dec 21, 2020 |
|
Episode 245 - Door 20: Is SMS 2FA better than no 2FA?
|
Dec 20, 2020 |
|
Episode 244 - Door 19: TLS certificate trust
|
Dec 19, 2020 |
|
Episode 243 - Door 18: Don't roll your own crypto or auth
|
Dec 18, 2020 |
|
Episode 242 - Door 17: Vulnerability response
|
Dec 17, 2020 |
|
Episode 241 - Door 16: 16 bits of change
|
Dec 16, 2020 |
|
Episode 240 - Door 15: Supplier compliance
|
Dec 15, 2020 |
|
Episode 239 - Door 14: Backdoors
|
Dec 14, 2020 |
|
Episode 238 - Door 13: Unlucky or survivor bias?
|
Dec 13, 2020 |
|
Episode 237 - Door 12: Video game hacking
|
Dec 12, 2020 |
|
Episode 236 - Door 11: Should you get on a 737?
|
Dec 11, 2020 |
|
Episode 235 - Door 10: Deciding what information matters
|
Dec 10, 2020 |
|
Episode 234 - Door 09: public key cryptography
|
Dec 09, 2020 |
|
Episode 233 - Door 08: man 8 security
|
Dec 08, 2020 |
|
Episode 232 - Door 07: 7 is the best prime, 2 is the dumbest
|
Dec 07, 2020 |
|
Episode 231 - Door 06: 6 wifi risks ... that don't actually matter
|
Dec 06, 2020 |
|
Episode 230 - Door 05: 5 reasons you need 24/7 robot monitoring
|
Dec 05, 2020 |
|
Episode 229 - Door 04: EFF's Cover Your Tracks
|
Dec 04, 2020 |
|
Episode 228 - Door 03: Do all vulnerabilities matter equally?
|
Dec 03, 2020 |
|
Episode 227 - Door 02: Marketing department or selection bias?
|
Dec 02, 2020 |
|
Episode 226 - Door 01: Advent calendars
|
Dec 01, 2020 |
|
Episode 225 - Who is responsible if IoT burns down your house?
|
Nov 23, 2020 |
|
Episode 224 - Are old Android devices dangerous?
|
Nov 16, 2020 |
|
Episode 223 - Full disclosure won, deal with it
|
Nov 09, 2020 |
|
Episode 222 - HashiCorp Boundary with Jeff Mitchell
|
Nov 02, 2020 |
|
Episode 221 - Security, magic, and FaceID
|
Oct 26, 2020 |
|
Episode 220 - Securing network time and IoT
|
Oct 19, 2020 |
|
Episode 219 - Chat with Larry Cashdollar
|
Oct 12, 2020 |
|
Episode 218 - The past was a terrible place
|
Oct 05, 2020 |
|
Episode 217 - How to tell your story with Travis Murdock
|
Sep 28, 2020 |
|
Episode 216 - Security didn't find life on Venus
|
Sep 21, 2020 |
|
Episode 215 - Real security is boring
|
Sep 14, 2020 |
|
Episode 213 - Security Signals: What are you telling the world
|
Sep 07, 2020 |
|
Episode 212 - Grab Bag: The Security We Deserve Edition
|
Aug 31, 2020 |
|
Episode 211 - The only thing harder than signing files is managing users
|
Aug 24, 2020 |
|
Episode 210 - Cult of Information Security
|
Aug 17, 2020 |
|
Episode 209 - Secure Boot isn't Secure
|
Aug 10, 2020 |
|
Episode 208 - Passwords are pollution
|
Aug 03, 2020 |
|
Episode 207 - Weaponized attention
|
Jul 27, 2020 |
|
Episode 206 - Confidential Virtual Machines; The future of cloud computing
|
Jul 20, 2020 |
|
Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk
|
Jul 13, 2020 |
|
Episode 204 - What Would Apple Do?
|
Jul 06, 2020 |
|
Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit
|
Jun 29, 2020 |
|
Episode 202 - The convergence of application security
|
Jun 22, 2020 |
|
Episode 201 - We broke CVSSv3, now how do we fix it?
|
Jun 15, 2020 |
|
Episode 200 - Talking Container Security with Liz Rice
|
Jun 08, 2020 |
|
Episode 199 - Special cases are special: DNS, Websockets, and CSV
|
Jun 01, 2020 |
|
Episode 198 - Good advice or bad advice? Hang up, look up, and call back
|
May 25, 2020 |
|
Episode 197 - Beer, security, and consistency; the newer, better, triad
|
May 17, 2020 |
|
Episode 196 - Pounding square solutions into round holes: forced updates from Ubuntu
|
May 11, 2020 |
|
Episode 195 - Is BGP actually insecure?
|
May 04, 2020 |
|
Episode 194 - Working from home security: resistance is futile
|
Apr 27, 2020 |
|
Episode 193 - Security lessons from space: Apollo 13 edition
|
Apr 20, 2020 |
|
Episode 192 - Work without progress - what Infosec can learn from treadmills
|
Apr 13, 2020 |
|
Episode 191 - Security scanners are all terrible
|
Apr 06, 2020 |
|
Episode 190 - Building a talent "ecosystem"
|
Apr 05, 2020 |
|
Episode 189 - Video game hackers - speedrunning
|
Mar 30, 2020 |
|
Episode 188 - Depressing news sucks, we're talking about cheating in video games
|
Mar 23, 2020 |
|
Episode 187 - Wireguard vs IPsec: the OK Boomer of security
|
Mar 15, 2020 |
|
Episode 186 - Endpoint security with Tony Meehan
|
Mar 08, 2020 |
|
Episode 185 - Is it even possible to fix open source security?
|
Mar 02, 2020 |
|
Episode 184 - It’s DNS. It's always DNS
|
Feb 24, 2020 |
|
Episode 183 - The great working from home experiment
|
Feb 17, 2020 |
|
Episode 182 - Does open source owe us anything?
|
Feb 10, 2020 |
|
Episode 181 - The security of SIM swapping
|
Feb 03, 2020 |
|
Episode 180 - A Tale of Two Vulnerabilities
|
Jan 27, 2020 |
|
Episode 179 - Google Project Zero and the 90 day clock
|
Jan 20, 2020 |
|
Episode 178 - Are CVEs important and will ransomware put you out of business?
|
Jan 13, 2020 |
|
Episode 177 - Fake or real? The security of counterfeit goods
|
Jan 06, 2020 |
|
Episode 176 - The 'predictions are stupid' prediction episode
|
Dec 30, 2019 |
|
Episode 175 - Defenders will always be one step behind
|
Dec 23, 2019 |
|
Episode 174 - GitHub turns security up to 11; A discussion with Rob Schultheis
|
Dec 16, 2019 |
|
Episode 173 - Ho Ho Homeland Security
|
Dec 09, 2019 |
|
Episode 172 - The security of planned obsolescence
|
Dec 02, 2019 |
|
Episode 171 - Measuring cybersecurity with Kathryn Waldron
|
Nov 25, 2019 |
|
Episode 170 - Until that quantum computer is cracking RSA keys, go sit back down!
|
Nov 17, 2019 |
|
Episode 169 - What happens when leadership doesn't care about security?
|
Nov 11, 2019 |
|
Episode 168 - The draconian draconians of DRM
|
Nov 03, 2019 |
|
Episode 167 - Security is terrible because digital literacy is terrible
|
Oct 28, 2019 |
|
Episode 166 - Every day should be cybersecurity awareness month!
|
Oct 21, 2019 |
|
Episode 165 - Grab Bag of Microsoft Security News
|
Oct 13, 2019 |
|
Episode 164 - DNS over HTTPS: Probably not the end of the world
|
Oct 07, 2019 |
|
Episode 163 - Death to Python 2
|
Sep 30, 2019 |
|
Episode 162 - SBOM with Allan Friedman
|
Sep 23, 2019 |
|
Episode 161 - Human nature and ad powered open source
|
Sep 16, 2019 |
|
Episode 160 - Disclosing security issues is insanely complicated: Part 2
|
Sep 09, 2019 |
|
Episode 159 - Disclosing security issues is insanely complicated: Part 1
|
Sep 02, 2019 |
|
Episode 158 - The mess that we call credit agencies in the US
|
Aug 26, 2019 |
|
Episode 157 - Backdoors and snake oil in our cryptography
|
Aug 19, 2019 |
|
Episode 156 - What if we MitM a whole country?
|
Jul 29, 2019 |
|
Episode 155 - Stealing cars and ransomware
|
Jul 22, 2019 |
|
Episode 154 - Chat with the authors of the book "The Fifth Domain"
|
Jul 16, 2019 |
|
Episode 153 - The unexpected security of AI, photographs, and VPN
|
Jul 08, 2019 |
|
Episode 152 - Tavis breaks the world ... again
|
Jul 01, 2019 |
|
Episode 151 - The DARPA Cyber Grand Challenge with David Brumley
|
Jun 24, 2019 |
|
Episode 150 - Our ad funded dystopian present
|
Jun 17, 2019 |
|
Episode 149 - Chat with Michael Coates about data security
|
Jun 10, 2019 |
|
Episode 148 - You just got pwnt, what now?
|
Jun 03, 2019 |
|
Episode 147 - Scams and operations as part of the supply chain
|
May 27, 2019 |
|
Episode 146 - What the @#$% happened to Microsoft?
|
May 20, 2019 |
|
Episode 145 - What do security and fire have in common?
|
May 13, 2019 |
|
Episode 144 - The security of money, which one is best?
|
May 06, 2019 |
|
Episode 143 - Security lessons from the phone book
|
Apr 29, 2019 |
|
Episode 142 - Hypothetical security: what if you find a USB flash drive?
|
Apr 21, 2019 |
|
Episode 141 - Timezones are hard, security is harder
|
Apr 15, 2019 |
|
Episode 140 - Good enough security is a pretty high bar
|
Apr 08, 2019 |
|
Episode 139 - Secure voting, firefox send, and toxic comments on the internet
|
Apr 01, 2019 |
|
Episode 138 - Information wants to be free
|
Mar 25, 2019 |
|
Episode 137.5 - Holy cow Beto was in the cDc, this is awesome!
|
Mar 18, 2019 |
|
Episode 137 - When the IoT attacks!
|
Mar 11, 2019 |
|
Episode 136 - How people feel is more important than being right
|
Mar 04, 2019 |
|
Episode 135 - Passwords, AI, and cloud strategy
|
Feb 25, 2019 |
|
Episode 134 - What's up with the container runc security flaw?
|
Feb 18, 2019 |
|
Episode 133 - Smart locks and the government hacking devices
|
Feb 11, 2019 |
|
Episode 132 - Bird Scooter: 0, Cory Doctorow: 1
|
Feb 04, 2019 |
|
Episode 131 - Windows micropatches, Google's privacy fine, and Mastercard fixes trial abuse
|
Jan 28, 2019 |
|
Episode 130 - Chat with Snyk co-founder Danny Grander
|
Jan 21, 2019 |
|
Episode 129 - The EU bug bounty program
|
Jan 14, 2019 |
|
Episode 128 - Australia's encryption backdoor bill
|
Jan 07, 2019 |
|
2018 Christmas Special - Is Santa GDPR compliant?
|
Dec 24, 2018 |
|
Episode 127 - Walled gardens, appstores, and more
|
Dec 17, 2018 |
|
Episode 126 - The not so dire future of supply chain security
|
Dec 10, 2018 |
|
Episode 125 - Open Source, supply chains, npm, and you
|
Dec 03, 2018 |
|
Episode 124 - Cloudflare's service workers and the economics of security
|
Nov 26, 2018 |
|
Episode 123 - Talking about Kubernetes and container security with Liz Rice
|
Nov 19, 2018 |
|
Episode 122 - What will Apple's T2 chip mean for the rest of us?
|
Nov 12, 2018 |
|
Episode 121 - All about the security of voting
|
Nov 05, 2018 |
|
Episode 120 - Bloomberg and hardware backdoors - it's already happening
|
Oct 29, 2018 |
|
Episode 119 - The Google+ and Facebook incidents, it's not your data anymore
|
Oct 22, 2018 |
|
Episode 118 - Cloudflare's IPFS and onion service
|
Oct 15, 2018 |
|
Episode 117 - Will security follow Linus' lead on being nice?
|
Oct 08, 2018 |
|
Episode 116 - The future of the CISO with Michael Piacente
|
Oct 01, 2018 |
|
Episode 115 - Discussion with Brian Hajost from SteelCloud
|
Sep 24, 2018 |
|
Episode 114 - Review of "Click Here to Kill Everybody"
|
Sep 17, 2018 |
|
Episode 113 - Actual real security advice
|
Sep 10, 2018 |
|
Episode 112 - Google's Titan Key and the latest Struts issue
|
Sep 03, 2018 |
|
Episode 111 - The TLS 1.3 and DNS episode
|
Aug 27, 2018 |
|
Episode 110 - Review of Black Hat, Defcon, and the effect of security policies
|
Aug 19, 2018 |
|
Episode 109 - OSCon and actionable advice
|
Aug 13, 2018 |
|
Episode 108 - Bluetooth, phishing, airgaps, and eating soup off the floor
|
Aug 06, 2018 |
|
Episode 107 - The year of the Linux Desktop and other hardware stories
|
Jul 30, 2018 |
|
Episode 106 - Data isn't oil, it's nuclear waste
|
Jul 23, 2018 |
|
Episode 105 - More backdoors in open source
|
Jul 16, 2018 |
|
Episode 104 - The Gentoo security incident
|
Jul 09, 2018 |
|
Episode 103 - The Seven Properties of Highly Secure Devices
|
Jul 02, 2018 |
|
Episode 102 - Michael Feiertag from tCell
|
Jun 25, 2018 |
|
Episode 101 - Our unregulated future is here to stay
|
Jun 17, 2018 |
|
Episode 100 - You're bad at buying security, we can help!
|
Jun 11, 2018 |
|
Episode 99 - Consumer security is too broken to fix, and it doesn't matter
|
Jun 04, 2018 |
|
Episode 98 - When IT decisions kill people
|
May 28, 2018 |
|
Episode 97 - Automation: Humans are slow and dumb
|
May 20, 2018 |
|
Episode 96 - Are legal backdoors a good idea?
|
May 11, 2018 |
|
Episode 95 - Twitter passwords and npm backdoors
|
May 07, 2018 |
|
Episode 94 - DNSSEC, BGP, and reality
|
Apr 30, 2018 |
|
Episode 93 - Security flaws in beep and patch, how did we get here?
|
Apr 15, 2018 |
|
Episode 92 - Chat with Rami Saas the CEO of WhiteSource
|
Apr 15, 2018 |
|
Episode 91 - Security lessons from a 7 year old
|
Apr 08, 2018 |
|
Episode 90 - Humans and misinformation
|
Apr 02, 2018 |
|
Episode 89 - Short selling AMD security flaws
|
Mar 25, 2018 |
|
Episode 88 - Chat with Chris Rosen from IBM about Container Security
|
Mar 18, 2018 |
|
Episode 87 - Chat with Let's Encrypt co-founder Josh Aas
|
Mar 11, 2018 |
|
Episode 86 - What happens when 23 thousand certificates leak?
|
Mar 03, 2018 |
|
Episode 85 - NPM ate my files
|
Feb 23, 2018 |
|
Episode 84 - Have I been pwned?
|
Feb 23, 2018 |
|
Episode 83 - XKCD + CVE = XKCVE
|
Feb 21, 2018 |
|
Episode 82 - RSA, TLS, Chrome HTTP, and PCI
|
Feb 13, 2018 |
|
Episode 81 - Autosploit, bug bounties, and the future of security
|
Feb 07, 2018 |
|
Episode 80 - GPS tracking and jamming
|
Jan 31, 2018 |
|
Episode 79 - Skyfall: please don't yell 'fire'
|
Jan 24, 2018 |
|
Episode 78 - Risk lessons from Hawaii
|
Jan 16, 2018 |
|
Episode 77 - npm and the supply chain
|
Jan 10, 2018 |
|
Episode 76 - Meltdown aftermath
|
Jan 07, 2018 |
|
Episode 75 - Security Planner review
|
Dec 19, 2017 |
|
Episode 74 - Facial recognition and physical security
|
Dec 13, 2017 |
|
Episode 73 - Security from Santa
|
Dec 06, 2017 |
|
Episode 72 - Bitcoin: It's over 9000
|
Nov 28, 2017 |
|
Episode 71 - GitHub's Security Scanner
|
Nov 21, 2017 |
|
Episode 70 - The security of Intel ME
|
Nov 14, 2017 |
|
Episode 69 - Actionable security advice
|
Nov 07, 2017 |
|
Episode 68 - Ruining the Internet
|
Nov 01, 2017 |
|
Episode 67 - Cyber won
|
Oct 24, 2017 |
|
Episode 66 - Objects in mirror are less terrible than they appear
|
Oct 15, 2017 |
|
Episode 65 - Will aliens overthrow us before AI?
|
Oct 09, 2017 |
|
Episode 64 - Networks and Dnsmasq and IoT oh my
|
Oct 03, 2017 |
|
Episode 63 - Shoot, Shovel, and Bury
|
Sep 26, 2017 |
|
Episode 62 - All about the Equifax hack
|
Sep 11, 2017 |
|
Episode 61 - Market driven security
|
Sep 05, 2017 |
|
Episode 60 - The official blockchain episode
|
Aug 30, 2017 |
|
Episode 59 - The VPN Episode
|
Aug 15, 2017 |
|
Episode 58 - Backwards compatibility to the point of insanity
|
Aug 09, 2017 |
|
Episode 57 - We may never see amazing security research ever again
|
Aug 01, 2017 |
|
Episode 56 - Devil's Advocate and other fuzzy topics
|
Jul 18, 2017 |
|
Episode 55 - Good Docs Ruin My Story
|
Jul 12, 2017 |
|
Episode 54 - Turning Into An Old Person
|
Jul 04, 2017 |
|
Episode 53 - A Plane Isn't Like A Car
|
Jun 28, 2017 |
|
Episode 52 - You Could Have Done It Right, But You Didn't
|
Jun 20, 2017 |
|
Episode 51 - All About CVE
|
Jun 12, 2017 |
|
Episode 50 - This Is A Security Podcast After All
|
Jun 06, 2017 |
|
Episode 49 - Testing Software Is Impossible
|
May 30, 2017 |
|
Episode 48 - Machine Learning: Not Actually Magic
|
May 21, 2017 |
|
Episode 47 - WannaCry: Everything Is Basically Broken
|
May 14, 2017 |
|
Episode 46 - Turns Out I'm Not A Bad Guy
|
May 04, 2017 |
|
Episode 45 - Trust Is More Important Now Than The Truth
|
May 02, 2017 |
|
Episode 44 - Bug Bounties Vs Pen Testing
|
Apr 25, 2017 |
|
Episode 43 - We Are Totally Immature
|
Apr 19, 2017 |
|
Episode 42 - Hitchhiker's Guide To Security
|
Apr 13, 2017 |
|
Episode 41 - All Your Money Are Belong To Us
|
Apr 10, 2017 |
|
Episode 40 - Let's Fork Bitcoin, Again
|
Apr 02, 2017 |
|
Episode 39 - Flash On Your Dishwasher
|
Mar 28, 2017 |
|
Episode 38 - We Ruin Everything
|
Mar 22, 2017 |
|
Episode 37 - Your Bathtub Is More Dangerous Than A Shark
|
Mar 09, 2017 |
|
Episode 36 - A Good Enough Podcast
|
Mar 05, 2017 |
|
Episode 35 - Crazy Cosmic Accident
|
Feb 28, 2017 |
|
Episode 34 - Bathing In Ebola Virus
|
Feb 22, 2017 |
|
Episode 33 - Everybody Who Went To The Circus Is In The Circus (RSA 2017)
|
Feb 15, 2017 |
|
Episode 32 - Gambling As A Service
|
Feb 08, 2017 |
|
Episode 31 - XML Is Never The Solution
|
Feb 01, 2017 |
|
Episode 30 - I'm Not An Expert But I've Been Yelled At By Experts
|
Jan 25, 2017 |
|
Episode 29 - The Security Of Rogue One
|
Jan 22, 2017 |
|
Episode 28 - RSA Conference 2017
|
Jan 19, 2017 |
|
Episode 27 - Prove To Me You Are Human
|
Jan 16, 2017 |
|
Episode 26 - Tell Your Sister, Stallman Was Right
|
Jan 12, 2017 |
|
Episode 25 - The Future Is Now
|
Jan 09, 2017 |
|
Episode 24 - The 2016 Prediction Edition
|
Jan 03, 2017 |
|
Episode 23 - We Can't Patch People
|
Dec 28, 2016 |
|
Episode 22 - IoT Wild West
|
Dec 24, 2016 |
|
Episode 21 - CVE 10K Extravaganza
|
Dec 21, 2016 |
|
Episode 20 - The Death Of PGP
|
Dec 19, 2016 |
|
Episode 19 - A Field Full Of Razor Blades And Monsters
|
Dec 13, 2016 |
|
Episode 18 - The Security Of Santa
|
Dec 09, 2016 |
|
Episode 17 - Cyphercon Interview With Korgo
|
Dec 06, 2016 |
|
Episode 16 - Cat And Mouse
|
Dec 02, 2016 |
|
Episode 15 - Cyber Black Monday
|
Nov 29, 2016 |
|
Episode 14 - David A Wheeler: CII Badges
|
Nov 22, 2016 |
|
Episode 13 - CVE: The Metric System Of Security
|
Nov 18, 2016 |
|
Episode 12 - Security Trebuchet
|
Nov 10, 2016 |
|
Episode 11 - The Poison Candy Episode
|
Oct 31, 2016 |
|
Episode 10 - The Super Botnet That Nobody Can Stop
|
Oct 24, 2016 |
|
Episode 9 - Are Bug Bounties Measuring The Wrong Things
|
Oct 18, 2016 |
|
Episode 8 - The Primality Of Prime Numbers
|
Oct 11, 2016 |
|
Episode 7 - More Powerful Than Root
|
Oct 03, 2016 |
|
Episode 6 - Foundational Knowledge Of Security
|
Sep 29, 2016 |
|
Episode 5 - OpenSSL: The Library We Deserve
|
Sep 29, 2016 |
|
Episode 4 - Dead Squirrel In A Box
|
Sep 21, 2016 |
|
Episode - 3 The Lockpicking Sewing Circle
|
Sep 13, 2016 |
|
Episode 2 - Instills The Proper Amount Of Fear
|
Sep 07, 2016 |
|
Episode 1 - Rich History Of Security Flaws
|
Sep 06, 2016 |