Open Source Security Podcast
polyfill.io - open source is too big to fix
Listen now
Description
Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now this. What does it mean for open source? We don't have any answers, and it's hard to even talk about this problem because it's so big. The thing is though, even if we can't fix open source, it's here to stay. Show Notes Polyfill supply chain attack hits 100K+ sites OpenSSF Scorecard
More Episodes
See all »
Wordpress plugin security
Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and...
Published 11/18/24
Open Source Security Podcast
Published 11/18/24
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is no lost!...
Published 11/11/24
All episodes
All reviews
 
Links
opensourcesecuritypodcast.com
RSS feed
Listen on Apple Podcasts
Twitter
Facebook
Instagram
Patreon
 
Genres
Technology
Artwork or description wrong?
Request an update »
Updates may take a few minutes.
Do you host a podcast?
Track your ranks and reviews from Spotify, Apple Podcasts and more.
Podcasts
Podcast Reviews
Podcast Charts
Accounts
Log in
Terms
Privacy Policy
Help
FAQ
[email protected]
Service status
© 2024 Chartable Holding, LLC
Certified by the IAB Tech Lab SOC2 Type II Certified