Glass in Session® Winecast

Val Caruso, DWS, CWE, FWS

Monthly
 
Glass in Session® is a wine education podcast hosted by Val Caruso, DWS, CWE, FWS. She's a certified wine educator, lifelong learner, & shameless corkdork. Every 2nd and 4th Friday there will be a new Glass in Session® focusing on a new topic. Val's mission is to educate, entertain, and empower the wine learner, wine lover, or wine curious by seeking out the fun - and sometimes funny - side of wine education.
 
Welcome to ‘Public Affairs in Practice,’ the podcast that delves into the dynamic world of public affairs, communications, and reputation management. Join us as we navigate the complexities of today’s public affairs landscape, offering expert insights, top tips, and thought-provoking interviews with seasoned practitioners. Whether you’re a seasoned professional or just starting out, the podcast is your go-to resource for unleashing your creative thinking in delivering effective public affair ...
 
Open Source Security Podcast

Josh Bressers & Kurt Seifried

Weekly
 
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
 
 
Welcome to “Vibin With Veto,” the podcast where the new voice of the culture, Just Call Me Veto, takes you on a journey through the hottest topics, freshest sounds, and most compelling stories in the art world and beyond. Tune in for insightful conversations, exclusive interviews, and a vibe that’s all about celebrating creativity and innovation. Join Veto and be a part of the cultural revolution.
 
 
Josh and Kurt talk about CWE. What is it, and why does it matter. We cover some history, some shortcomings, and some ideas on how CWE could be used to make security a lot better. We frame the future discussion around the OWASP top 10 list. We should be putting more effort into removing entire classes of vulnerabilities. Show Notes CWE Epis…
 
Josh and Kurt talk about Chrome unexpectedly going EOL on Ubuntu 18. Keeping old things alive is really hard to do, and in open source it's becoming more common to just run the latest version rather than trying to keep old versions alive for long periods of time. Show Notes Chrome dumped support for Ubuntu 18.04 – but it'll be back Linus Torvalds t…
 
Josh and Kurt talk about a story that discusses a story from Black Hat that references supply chains. There's a ton of doom and gloom around our software supply chains and much of the advice isn't realistic. If we want to take this seriously we need to stop obsessing over the little problems and focus on some big problems. Show Notes Black Hat USA …
 
This is a bonus episode created from another project I was working on this month. It's got a little less corkdorkery than the original episode from way back in Season 3, but I've linked it up in case you would like to revisit it, as well as the original sourcing material. Wine Caves: Dishing the Dirt https://glassinsession.libsyn.com/s3e3-wine-cave…
 
Josh and Kurt talk about a few stories around the TLS CA certificate world. It's all pretty dire sounding. There's not a lot of organization or process in the space, and the root CAs are literally the foundation of modern society, everything needs them to function. There's not a lot of positive ideas here, it's mostly a show where Kurt explains to …
 
A light, quick nip at the wines of Belgium, as well as a little corkdorkery on PIWI grapes. *UPDATED with July 2024 stats and information* Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digital Document Files: Belgium Map 360: Belgium Wine Map https://belgium…
 
Josh and Kurt talk about a presentation Josh recently gave that was supposed to be about how open source works. The talk was the wrong topic for a security crowd, but there's a lot of interesting details in the questions and comments that emerged. It's clear a lot of security people don't really care about the fine details about what open source is…
 
In an interview episode, I talk to Doug Pinkham, President of the Public Affairs Council. We talk about the importance of public affairs, its role in reputation management, how the industry has changed and what we can expect from the future. We also couldn't avoid talking about the forthcoming US Presidential election! This episode was recorded bef…
 
Josh and Kurt talk about a story talking about the "graying" of open source. There don't seem to be many young people working on open source, but we don't really know why that is. There are many thoughts, but a better question is why should anyone get involved in open source anymore? The world has changed quite a lot since open source was created…
 
Aquavit or Akvavit or Akevitt: The spirit of Scandinavia, gin’s Nordic cousin, snaps, it goes by many names around the world. Some even sail around the world before it’s bottled. This episode explores some of the history, styles, and origins of the spirit, as well as some tasty tales of potato priests, black death, and drinking songs. Resources fr…
 
Josh and Kurt talk about two documents from the US government that discuss open source in very different ways. The CISA document lays out a way to measure open source, but we take issue with the idea of trying to measure which open source projects are "good". The White House on the other hand takes an approach that is very open source, get involved.…
 
In an interview episode, I talk to Zoe Cohen, a highly experienced board-level director and Master Coach. We talk about the importance of taking action to save the planet, climate communications, her activism and work with Extinction Rebellion, Insulate Britain and Just Stop Oil. This episode was recorded before the recent UK General Election and *…
 
Josh and Kurt talk about a pretty big bug found in CocoaPods ownership. We also touch on a paper that discusses the technical debt that open source should have. We discuss the long term sustainability of open source. There aren't any good solutions for open source today, but talking about these problems is important, we have to start to underst…
 
A quick zip around the North Island of New Zealand’s wine regions, a bit of history, and - well - some silliness, because the host, once again, cannot freaking help herself. Warning: the host was not/NOT involved in the throwing of either fowl or fake phallus, but has marked this episode as explicit due to some adult - stupid & humorous, but adult …
 
In an interview episode, I talk to John Harrington, Editor, PR Week UK. We talk about his work at PR Week, stories that he is particularly proud of, the main challenges facing the public affairs, and how it may evolve in the coming years. Learn more about me and my services @CWE Communications Thanks to my editor Callums World.…
 
Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They're quasi related in the context of two open source projects that handled bugs very differently. The OpenSSH bug isn't really as serious as it seems, but you still want to patch. The node-ip bug is a very different story. The relatio…
 
Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now this. What does it mean for open source? We don't have any answers, and it's hard to even talk about this problem because it's so big. The thing is though, even if we can't fix open source, it's here …
 
Exploring Washington’s wine regions, history, and grapes. Trivia? Bush flattery? An old hobo ditty about cigarette trees? Yep, got that too. Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digital Document Files: Britannica: Hudson’s Bay Company (4 June 2024) …
 
In this episode of *Vibin With Veto*, we sit down with Searcy, the dynamic CEO of the innovative distribution company CWE. Searcy shares his journey from humble beginnings to becoming a powerhouse in the music distribution industry. We dive deep into the challenges he faced, the strategies that propelled CWE to success, and his vision for the futur…
 
Josh and Kurt talk about three wangles of responsibility. We start with a story about a bike theft ring, bike theft doesn't usually get any attention, but this one is special. Then we ask why it seems like everyone is getting hacked, it's because they have to tell us now. And finally we have a story about the huge number of unreported vulnerabiliti…
 
Josh and Kurt talk about a new proposal from OpenSSH to add a timeout to penalize clients misbehaving. But this then brings up the typical security conversation of "if it's not perfect we shouldn't do it". Trying new things is a good thing, even if something fails, we learn a lesson that we can use in the future. Show Notes OpenSSH introduces optio…
 
A light, quick nip at the wines of Belgium, as well as a little corkdorkery on PIWI grapes. Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digital Document Files: Belgium Map 360: Belgium Wine Map https://belgiummap360.com/belgium-wine-map Britannica: List of…
 
Episode Title: In the Mix with Lalaa Shepard: The Progress Report Unveiled In this exciting episode of “Vibin with Veto,” host Veto sits down with the dynamic Lalaa Shepard, the powerhouse behind The Progress Report. Known for her influential presence in the music industry and her platform's commitment to showcasing emerging talent, Lalaa shares he…
 
Josh and Kurt talk to Alex Kulagin from Flipper about the Flipper Zero. It's one of the coolest hacker devices that exists on the market. We talk about what it is, how it started, what it can (and can't) do. It's a really fun conversation. Show Notes Flipper Zero Website Headphone jack radio capture Flipper Zero on Tik Tok…
 
🎙️ **Vibin with Veto** presents a special episode featuring the dynamic Tempest Tuesday Join us as we dive deep into an electrifying conversation with Tempest Tuesday, known for shaking up the scene with her unique perspectives and unmatchable energy. We explore her journey, passions, and the stories that shaped her vibrant career. Don't miss this …
 
In this exciting episode of "Vibin with Veto," we sit down with the incredibly talented T-Royal, a rising star from the Eastside of Atlanta, GA. Known for his smooth vocals and unique sound, T-Royal shares his journey through the music industry, his inspirations, and the stories behind some of his most popular tracks. Tune in as we dive deep into h…
 
Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is however a lot of baggage in this space as you'll hear in the discussion. There's not a simple solution, but this is certainly something to discuss. Show Notes Your API Shouldn't Redirect HTTP to HTTPS H…
 
In this exciting episode of "Vibin with Veto," we sit down with the legendary Hip Hop Mogul, Ray Daniels. Known for his incredible contributions to the music industry, Ray shares his journey from humble beginnings to becoming a key player in hip hop. We delve into his experiences working with top artists, the challenges he faced, and his vision for…
 
Josh and Kurt talk about a blog post about frozen kernels being more secure. We cover some of the history and how a frozen kernel works and discuss why they would be less secure. A frozen kernel is from when things worked very differently. What sort of changes will we see in the future? Show Notes Kurt's strange coffee Why a 'frozen' distribution L…
 
We’re taking off to the great wine north to explore the regions of Canada. Of course we gathered a little history and fun pop culture nuggets along the way. Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digital Document Files: Canadian Encyclopedia: Hoser [e…
 
Josh and Kurt talk about open source and autonomy. This is even related to some recent return to office news. The conversation weaves between a few threads, but fundamentally there's some questions about why do people do what they do, especially in the world of open source. This also is a problem we see in security, security people love to tell dev…
 
Josh and Kurt talk about a new way to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. This is how we start. We need infrastructure like this to enable easier to use features in the future. Someday, everything will be signed by default. Show Notes GitHub artifact attestation…
 
We're exploring the early days and styles of sekt: sparkling wine from Austria and Germany. Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digital Document Files: Austrian Wine: Austrian Sekt https://www.austrianwine.com/austrian-sekt/ The Drinks Business: Se…
 
Josh and Kurt talk about a sudo replacement going into systemd called run0. It sounds like it'll get a lot right, but systemd is a pretty big attack surface and not everyone is a fan. We shall have to see if this ends up replacing sudo. Show Notes Conan O'Brien on Hot Ones Lennart's Mastodon thread xkcd automation…
 
Josh and Kurt talk about a paper describing using a LLM to automatically create exploits for CVEs. The idea is probably already happening in many spaces such as pen testing and intelligence services. We can't keep up with the number of vulnerabilities we have, there's no way we can possibly keep up with a glut of LLM generated vulnerabilities. We r…
 
Josh and Kurt talk about a database of game cheaters. Cheating in games has many similarities to security problems. Anti cheat rootkits are also terrible. The clever thing however is using statistics to identify cheaters. Statistics don't lie. Also, we discuss the Pretendo project sitting on a vulnerability for a year, is this ethical? Show Notes H…
 
All organisations need to manage risk. Some do it better than others. Some make basic mistakes; others try to drive out all aspects of risk. But the reality is that some risk needs to be maintained, not least in communications, otherwise innovation can die. Thanks to my editor Callums World. By Stuart Thomson
 
Josh and Kurt talk about a Notepad++ fake website. It's possibly not illegal, but it's certainly ethically wrong. We also end up discussing why it seems like all these weird and wild things keep happening. It's probably due to the massive size of open source (and everything) now. Things have gotten gigantic and we didn't really notice. Show Notes H…
 
Josh and Kurt talk about a new FCC program to provide a cybersecurity certification mark. Similar to other consumer safety marks such as UL or CE. We also tie this conversation into GrapheneOS, and what trying to claim a consumer device is secure really means. Some of our compute devices have an infinite number of possible states. It's a really wei…
 
Josh and Kurt talk about the recent events around XZ. It's only been a few days, and it's amazing what we already know. We explain a lot of the basics we currently know with the attitude much of these details will change quickly over the coming week. We can't fix this problem as it stands, we don't know where to start yet. But that's not a reason t…
 
Josh and Kurt talk about the new SSDF attestation form from CISA. The current form isn't very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It's going to take a long time to see big changes in supply chain security, but we're confident they will come. Show Notes Secure Software Development A…
 
A quick tour of a favorite French tipple, Pastis. It was created to scratch the itch of the once banned Absinthe. How is it different? How should one drink it? Why does the word show up in some political circles? Click play, enjoy. Resources from this episode: Books: Society of Wine Educators: Certified Specialist of Spirits (CSS) Study Guide, Nick…
 
Josh and Kurt talk about what's going on at the National Vulnerability Database. NVD suddenly stopped enriching vulnerabilities, and it's sent shock-waves through the vulnerability management space. While there are many unknowns right now, the one thing we can count on is things won't go back to the way they were. Show Notes Anchore's Blog Grype Jo…
 
Josh and Kurt talk about an attack against GitHub where attackers are creating malicious repositories then artificially inflating the number of stars and forks. This is really a discussion about how can we try to find signal in all the noise of a massive ecosystem like GitHub. Show Notes GitHub besieged by millions of malicious repositories in ongo…
 
Originally written for LabourList, and with Scott Goodstein, this episode outlines five crucial challenges for which every candidate should be prepared in creating their own winning election scenario. Learn more about me and my services @CWE Communications Thanks to my editor Callums World. By Stuart Thomson
 
Another wild ride south of a nuclear plant toward a papal palace takes us through some dramatic landscape, historic vineyards, and surprises in the glass as we explore the white wines of the Southern Rhone. Resources from this episode: Books: The Oxford Companion to Wine [5th Edition], Harding, J., Robinson, J., Thomas, T. (2023) Websites and Digit…
 
Josh and Kurt talk about recent stories about data breaches, flipper zero banning, and realistic security. We have a lot of weird challenges in the world of security, but hard problems aren't impossible problems. Sometimes we forget that. Show Notes Mon Dieu! Nearly half the French population have data nabbed in massive breach Feds move to ban auto…
 
Josh and Kurt talk to GregKH about Linux Kernel security. We mostly focus on the topic of vulnerabilities in the Linux Kernel, and what being a CNA will mean for the future of Linux Kernel security vulnerabilities. The future of Linux Kernel security vulnerabilities is going to be very interesting. Show Notes Greg K-H Linux Kernel is a CNA Machine le…
 
In a different type of episode, we hear from five of the leading monitoring companies. Delivering public affairs training, I am often asked about who can provide monitoring services. So, I asked leading monitoring companies to tell us more about what they do. A huge thank you to all those who took part. To learn more about the companies that took part (in alpha…
 