A serious security flaw in a commonly used npm security module, private-ip, may affect hundreds of thousands of private and public applications.
open source
Firms are embracing Open Source. Securing it? Not so much.
The good news: open source software is nearly universal. The bad news: half of source code repositories contain open source code with high-risk vulnerabilities, according to a new report released by the firm Synopsys.
Episode 176: Security Alarms in Census II Open Source Audit. Also: The New Face of Insider Threats with Code42
Joe Payne, the CEO of Code42, joins us to talk about how the challenge of data breach prevention is changing. And: we do a deep dive on the recent Census II audit of open source.
Podcast Episode 134: The Deep Fake Threat to Authentication and analyzing the PEAR Compromise
Vijay Balasubramaniyan of Pindrop joins us to talk about it. And, in our second segment, Sam Bisbee, the CSO of the firm ThreatStack, joins us to talk about last month’s hack of the PEAR open source package manager and why data deserialization attacks are a growing threat to projects that use open source components.
Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain
In this week’s podcast (#124): we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the French “Yellow Vest” protests. Surprise, surprise: they’re not French. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the GitHub event-stream project and why social engineering poses a real risk to the security of the software supply chain.