This #osspodcast episode @kurtseifried and I discuss the #RedHat news

The reality is they're still better than a lot of companies claiming to do #OpenSource but it feels like a betrayal because they were the hero of open source for so long

https://opensourcesecurity.io/2023/07/02/episode-382-red-hat-you-were-the-chosen-one/

This week on #OSSPodcast @kurtseifried and I discuss how mind boggling big open source is, and what that means for how we use it

https://opensourcesecurity.io/2023/04/09/episode-370-open-source-is-bigger-than-you-can-imagine/

Episode 364 of the #osspodcast in which Kurt had bad shwarma, @joshbressers agrees that good shwarma is great, and we learn that it's also hard to know what's in your software even if you do #SBOM https://opensourcesecurity.io/2023/02/26/episode-364-using-sboms-is-hard/ TL;DR: We got different kinds of SBOM, SBOM drift, services and APIs, and then there some complicated problems on top of all that. Also legal obligations.

#AIX isn't dead, it's just pining for the fjords, much like #NOTAM which probably wants to die and be replaced with something modern, which might happen now that it had a little nap. Find out more with @kurtseifried and @joshbressers on the #osspodcast https://opensourcesecurity.io/2023/01/22/episode-359-the-notam-outage-and-other-legacy-technology/ TL;DR: Remember the #SCO lawsuit? It's all related.

How many companies are helping #opensource by putting eggs in the toaster? Find out on the #osspodcast https://opensourcesecurity.io/2023/01/08/episode-357-is-open-source-being-overexploited/ wit @kurtseifried and @joshbressers TL;DR: don't put eggs in your toaster, seriously. Also maybe companies and demanding users should stop strip mining OpenSource and burning our developers.

I think we can all agree that #lastpass ducked up seriously, but what happens now? Find out on the #osspodcast with @kurtseifried and @joshbressershttps://opensourcesecurity.io/2023/01/01/episode-356-lastpass-ducked-up-now-what/ TL;DR: #lastpass is a bag of weasels that still has a website that makes it sound like all your vault data is encrypted. It's not.

If you didn't have enough money to get someone a gift you can give them the gift of the #osspodcast for free from @kurtseifried and @joshbressershttps://opensourcesecurity.io/2022/12/25/episode-355-security-boxing-day/ TL;DR: we talk about the security poverty line and some practical things you can actually do with no or little budget if you're using OpenSource. And trust me, you're using OpenSource.

This week on #osspodcast @kurtseifried and I chat about #stylometry

There's a tool to look at #HackerNews authors and see if their writing is similar to another user (sock puppets anyone?)

This of course leads to larger discussions about #privacy, #cybersecurity, #impersonation, and of course, #shakespeare

https://opensourcesecurity.io/2022/12/04/episode-352-stylometry-removes-anonymity/

This week on the #osspodcast @joshbressers and @kurtseifried discuss #factorio and then #usability vs #security https://opensourcesecurity.io/2022/11/27/episode-351-is-security-or-usability-a-law-of-the-universe/ TL;DR: THE ADMINS CAN READ THESE TOOTS!!!! EVEN THE PRIVATE TOOTS!!!!

Also, we managed to avoid discussing CISA, Twitter, and all the other things on fire.

This week on #OSSPodcast @kurtseifried and I chat about the new UK plan to scan all the infrastructure in the country

This of course creates a lot more questions than it answers

Nothing makes sense anymore. Maybe it never did.

#cybersecurity

https://opensourcesecurity.io/2022/11/13/episode-349-the-cyber-is-coming-from-inside-the-house-the-uk-is-scanning-itself/