OpenSSH and node-ip - it's all exponential growth
Listen now
Description
Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They're quasi related in the context of two open source projects handled bugs very differently. The OpenSSH bug isn't really as serious as it seems, but you still want to patch.
The node-ip bug is a very different story. The relationship between users and open source developers is one experiencing more strain now than we've ever seen. It's a weird conversation and we don't have good answers. Security in general is a collection of unsolvable problems.
Show Notes Qualys security advisory Hacker News Discussion Security Cryptography Whatever Dev rejects CVE severity, makes his GitHub repo read-only
More Episodes
Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and...
Published 11/18/24
Published 11/18/24
Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is no lost!...
Published 11/11/24
Links
Twitter
Facebook
Instagram
Patreon
Genres
Artwork or description wrong?
Request an update »
Updates may take a few minutes.
Do you host a podcast?
Track your ranks and reviews from Spotify, Apple Podcasts and more.
