CVE for EOL with Aaron Frost

Open Source Security

Player FM - Internet Radio Done Right

276 subscribers

הוסף לפני eight שנים

תוכן מסופק על ידי Open Source Security and Josh Bressers. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Open Source Security and Josh Bressers או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Skip Intro

1
Zoey Deutch (Nouvelle Vague) 37:44

לפני 11 ימים37:44

הפעל מאוחר יותר

רשימות

לייק

אהבתי

37:44

Zoey Deutch returns to Skip Intro to talk about her latest transformation in Nouvelle Vague as American actress Jean Seberg. Directed by acclaimed filmmaker Richard Linklater — and a love letter to the French New Wave classic Breathless — Nouvelle Vague wasn’t the first time that Linklater and Deutch shared a film set. Deutch shares how Linklater compares rehearsals to athletics, starting exciting new chapters in her personal life, hilarious irrational fears, and the deep love she has for her sister, Maddie. Video episodes are also available on the Still Watching Netflix YouTube Channel. Listen to more from Netflix Podcasts .…

לפני שנה 30:00

MP3•בית הפרקים

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the "vulnerable until proven otherwise" approach is the best path forward for end of life software.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-cve_eol_aaron_frost/

505 פרקים

#Open Source #Software Development #Security #Josh Bressers #Tech #Cybersecurity #Open #Opensource #Source #Open Source Security

CVE for EOL with Aaron Frost

Open Source Security

276 subscribers

published לפני שנה

שתפו

MP3•בית הפרקים

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-cve_eol_aaron_frost/

505 פרקים

#Open Source #Software Development #Security #Josh Bressers #Tech #Cybersecurity #Open #Opensource #Source #Open Source Security

כל הפרקים

1
Python Security with Seth Larson 31:44

לפני 1 day31:44

31:44

In this episode Seth Larson gives us a cornucopia of topics relating to Python security. Seth discusses the Python Software Foundation's decision to reject a significant grant NSF. Diversity is a big deal to python, so this was a no brainier. We discuss the upcoming PyCon US conference, featuring a new security track that fosters collaboration between developers and security experts. Josh is a huge fan of having a security track at developer conferences. And we close on a paper about zip and tar archives Seth wrote. It seems like we should have zip and tar security figured out by now, but we don't. Thankfully Seth is working on it. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-python-security-seth-larson/…

1
Linux Vendor Firmware Service with Richard Hughes 35:46

לפני 9 ימים35:46

35:46

Josh talks to Richard Hughes about the world of firmware. We cover how Richard's journey from developing the ColorHug led to the creation of the Linux Vendor Firmware Service (LVFS), changing how firmware updates are managed for nearly every Linux user. Updating firmware has always been dicey, and on Linux it used to be impossible. Richard helps us understand how this all works and how we can all help out. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/…

1
NPM supply chain attacks with Charlie Eriksen 34:31

לפני 16 ימים34:31

34:31

Josh chats with Charlie Eriksen, a security researcher at Aikido Security. We discuss the recent NPM supply chain attacks that affect hundreds of packages. Charlie shares his experiences dealing with recent security breaches, the challenges of maintaining trust in open source software, and the importance of proactive measures to safeguard open source. The rapid pace of change is impacting our security practices and what steps can be taken to foster resilience in the face of evolving threats. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-npm-charlie/…

1
Detecting XZ in Debian with Otto Kekäläinen 31:48

לפני 23 ימים31:48

31:48

In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects. They discuss Otto's blog post about the XZ backdoor and how it's a nearly impossible attack to detect. Otto does a great job breaking down an incredibly complex problem into understandable pieces. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-xz-debian-otto/…

1
Eclipse Foundation SBOMs with Mikael Barbero 31:15

לפני 5 weeks31:15

31:15

In this conversation, Josh speaks with Mikael Barbero, head of security at the Eclipse Foundation. They discuss the foundation's role in enhancing the security posture of open source projects, the importance of Software Bill of Materials (SBOMs), and the various security services provided to projects. Mikael explains the challenges and strategies involved in implementing security best practices across a diverse range of projects, as well as the foundation's proactive approach to navigating security regulations and compliance. This is some great security work happening for open source projects. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-eclipse-sbom-mikael-barbero/…

1
Actually finding vulnerabilities using AI with Joshua Rogers 31:35

לפני 6 weeks31:35

31:35

I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging vulnerabilities, and how to submit those bugs to open source projects responsibly. It's a very sane and realistic conversation about what AI tools can and can't do, and how humans should be interacting with these things. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-ai-joshua-rogers/…

1
Sustaining Package Repositories with Brian Fox 42:20

לפני 7 weeks42:20

42:20

Brian Fox discusses the challenges and future of open source package repository infrastructure. We discuss the complexities of managing public registries, the impact of overconsumption, and the importance of sustainable practices in the open source community. Brian tells us how organizations can reduce their footprint and contribute to a more balanced ecosystem. The package repositories cannot continue to be the world's CDN. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-sustaining-repos-brian-fox/…

1
Arch Linux Security with Foxboron and Anthraxx 38:08

לפני 8 weeks38:08

38:08

Join us for a conversation with Foxboron (Morten Linderud) and Anthraxx (Levente Polyak), members of the Arch Linux security team. We talk about the difficulties of maintaining a Linux distribution, the challenges of handling CVEs, and the dedication of volunteers who keep the open-source community working (and how overworked those volunteers are). We explain what makes Arch a little different, how they approach their security process, and what sort of help they would love to see in the future. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-arch-foxboron-anthraxx/…

1
OpenSSL with Hana Andersen and Anton Arapov 28:48

לפני 9 weeks28:48

28:48

I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of post-quantum cryptography, and the evolution of OpenSSL from a small team to a global community. Whether you're a seasoned cryptographer or just curious about the future of secure communications, this episode offers insights and stories. Don't miss out on learning how OpenSSL is still shaping the future of cryptography. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-openssl-hana-anton/…

1
The Python Software Foundation with Deb Nicholson 37:48

לפני 10 weeks37:48

37:48

In this episode I discuss the Python Software Foundation with Deb Nicholson. We discuss their contributions to the Python programming community. Learn how this dedicated organization supports the growth and innovation of Python, fostering an ecosystem for developers worldwide. Everything funding open-source projects to organizing community events, discover the initiatives that make the Python Software Foundation a force for positive change in the tech world. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-psf-deb-nicholson/…

1
Using Mercator to map assets with Didier Barzin 25:48

לפני 11 weeks25:48

25:48

In this episode, we the information system mapping tool Mercator with Didier Barzin, a CISO at a hospital in Luxembourg. Discover how Mercator revolutionizes the way organizations map their complex information systems. From hospitals to universities and even the banking sector. Mercator helps manage and protect vast networks by creating dynamic, comprehensive maps that replace outdated Excel sheets. Join us as we explore the challenges and innovations in information security and the impact of Mercator on various industries. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-mercator-didier-barzin/…

1
Talos Linux security with Andrey Smirnov 38:04

לפני 12 weeks38:04

38:04

In this episode, I discuss into the security features of Talos Linux with Andrey Smirnov. Andrey explains how Talos focuses on its immutability and minimal attack surface. Discover how these enhancements fortify your systems against vulnerabilities, ensuring a secure and resilient infrastructure. Join us as we explore the security advancements that make Talos Linux not only a super easy way to run Kubernetes, but also a very secure way. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-09-talos-andrey-smirnov/…

1
Discussing the Open Source, Open Threats? paper with Behzad and Ali 34:59

לפני 13 weeks34:59

34:59

In this episode I chat with the authors of a recent paper on open source security: Open Source, Open Threats? Investigating Security Challenges in Open-Source Software. I chat with Ali Akhavani and Behzad Ousat about their findings. There are interesting data points in the paper such as a 98% increase in reported vulnerabilities compared to a 25% growth in open source ecosystems. We discuss the challenges of maintaining security in a rapidly expanding digital landscape, and learn about the role of community engagement and automated tools in addressing these discrepancies. It's a great paper and a fantastic discussion. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-oss-threats-ali-behzad/…

1
crates.io trusted publishing with Tobias Bieniek 25:39

לפני 14 weeks25:39

25:39

In this episode we discuss crates.io trusted publishing with Tobias Bieniek. We cover the steps crates.io is taking to enhance supply chain security through trusted publishing, a method that leverages short-lived tokens and GitHub actions to safeguard against unauthorized access. Tobias shares insights into the challenges of managing a large-scale open-source repository, offering a glimpse into the future of secure software distribution. Tune in to learn how these advancements are shaping the landscape of open-source development. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-cratesio-trusted-publishing-tobias/…

1
CVE update with Patrick Garrity 32:25

לפני 15 weeks32:25

32:25

In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on the note that the last 3 months haven't been confidence inspiring. It's likely in 6 months everyone will be scrambling to deal with a difficult situation. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-cve-patrick-garrity/…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

276 subscribers

דומה לOpen Source Security

Crayola Color Wonder Magic Light Brush, Mess Free Painting Station for Kids, Toddler Toys & Activities, Holiday & Christmas Gifts for Kids, Ages 3+

Tubi: Watch Free Movies & TV Shows

Medicube Zero Pore Pads 2.0, Dual-Textured Facial Toner Pads for Exfoliation and Pore Care with 4.5% AHA Lactic Acid & 0.45% BHA Salicylic Acid, Ideal for All Skin Types, Korean Skin Care (70 units)

פודקאסטים ששווה להאזין

Open Source Security « » CVE for EOL with Aaron Frost

CVE for EOL with Aaron Frost

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

דומה לOpen Source Security

מדריך עזר מהיר

Open Source Security « »
CVE for EOL with Aaron Frost