36 min listen
Deceptive Diffs From Subversive Submitters - ASW #148
Deceptive Diffs From Subversive Submitters - ASW #148
ratings:
Length:
38 minutes
Released:
Apr 26, 2021
Format:
Podcast episode
Description
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review? For additional resources please visit: Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie). Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148
Released:
Apr 26, 2021
Format:
Podcast episode
Titles in the series (100)
Interview with Kati Rodzon and Mike Murray: Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last nine years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in... by Security Weekly Podcast Network (Video)