A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, it covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion, often giving a unique perspective on any given topic.
Signing (What is it good for)
Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems to be. Is delivering software over HTTPS just as good as using a detached signature? How did we end up here, and what do we think the future looks like? This episode will have something for everyone to complain about!
Show Notes: Twitter thread; Kurt's security advisory page; Bug 998
The Security of Jobs or Job Security
Josh and Kurt talk about the security of employees leaving jobs. Be it a voluntary departure or in the context of the current layoffs we see, what are the security implications of having to remove access for one or more people departing their job?
Show Notes: Tesla Layoffs; Coinbase layoffs
The security of alert fatigue
Josh and Kurt talk about a funny GitHub reply that notified 400,000 people. It's fun to laugh at this, but it's an easy opening for discussing alert fatigue and why it's important to be very mindful of our communications.
Show Notes: GitHub 400K notifications; Hacker News thread; Reddit user TV Bluetooth
Big fat containers
Josh and Kurt talk about containers. There are a lot of opinions around what type of container is best. Back when it all started there were only huge distro-sized containers. Now we have a world with many different container types and sizes. Is one better?
Show Notes: Programming in the Apocalypse; Bob Diachenko; Paranoids Podcast
Is one open source maintainer enough?
Josh and Kurt talk about a recent OpenSSF issue that asks how many maintainers a "healthy" open source project should have. Josh did some research that shows the overwhelming majority of packages have one maintainer. What does that mean?
Show Notes: OpenSSF TAC Issue 101
Episode 324 - WTF is up with WFH
Josh and Kurt talk about the whole work from home debate. It seems like there are a lot of very silly excuses why working from home is bad. We've both been working from home for a long time and have a chat about the topic. There's not much security in this one, but it is a fun discussion.
Show Notes: Boris Johnson blames cheese; Apple and WFH
Entertaining, insightful and actionable! 🔥
Whether you’re well established as a cyber security innovator, or just getting started carving out your role as a change agent within your organization - this is a must-listen podcast for you! Josh and Kurt do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data security and compliance environment - from leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!
Like a fun conversation!
This podcast is like a fun conversation
Too much fluff
Should be retitled