The good news: open source software is nearly universal. The bad news: half of source code repositories contains open source code containing high-risk vulnerabilities, according to a new report released by the firm Synopsys.
Episode 176: Security Alarms in Census II Open Source Audit. Also: The New Face of Insider Threats with Code42
Joe Payne the CEO of Code42 joins us to talk about how the challenge of data breach prevention is changing. And: we do a deep dive on the recent Census II audit of open source.
Vijay Balasubramaniyan of Pindrop joins us to talk about it. And, in our second segment, Sam Bisbee the CSO of the firm ThreatStack joins us to talk about last month’s hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components.
Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain
In this week’s podcast (#124): we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the french “Yellow Vest” protests. Surprise, surprise: they’re not french. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the Github event-stream project and why social engineering poses a real risk to the security of the software supply chain.
Podcast: Play in new window | Download (Duration: 33:40 — 38.5MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast (#108), sponsored by CA Veracode: hacker summer camp wrapped up on Sunday, as the 26th annual DEF CON conference concluded at Caesar’s Palace in Las Vegas. Hacks of connected and smart vehicles were a big theme again this year. We sat down with the organizers of DEF CON’s Car Hacking Village to see what was news at this year’s show. Also: open source software has revolutionized the way software gets made, and turbo charged the growth of companies like Facebook and Uber. But is the open source model failing us when it comes to security? We’re joined by OWASP founder Mark Curphey of CA Veracode to discuss it.