Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security, governance, and outreach for popular applications - part 2
Length:
46 minutes
Released:
Jan 18, 2022
Format:
Podcast episode
Description
Adam Baldwin (@adam_baldwin), Amélie Koran (@webjedi)

Links and topics discussed:
- https://logging.apache.org/log4j/2.x/license.html
- https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/
- https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/
- F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS:
  https://twitter.com/BleepinComputer/status/1480182019854327808
  https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
  https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries
- Faker.js - https://www.npmjs.com/package/faker - generate massive amounts of fake contextual data
- Colors.js - https://www.npmjs.com/package/colors - get color and style in your node.js console
- https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
- Should OSS teams expect payment for giving their time/code away for free? What are their expectations?
- Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?
- OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/
- https://webjedi.net/2022/01/03/security-puppy/
- Apparently, “Hobbyists” were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
- History of open source - https://en.wikipedia.org/wiki/History_of_free_and_open-source_software
- Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this --AK)
- Event-stream - https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets
- Libraries.io - https://libraries.io/ - Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.