Sign up to save your podcasts
Or
Share Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2
Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)
https://logging.apache.org/log4j/2.x/license.html
https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/
https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/
F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. https://twitter.com/BleepinComputer/status/1480182019854327808
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries
Faker.js - https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data Colors.js - https://www.npmjs.com/pafaker - npm package/colors get color and style in your node.js console
https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
Should OSS teams expect payment for giving their time/code away for free? What are their expectations
Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?
OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/
https://webjedi.net/2022/01/03/security-puppy/
Apparently, "Hobbyists" were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
https://en.wikipedia.org/wiki/History_of_free_and_open-source_software History of open source
Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this --AK)
Event-stream = https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets
https://libraries.io/ Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.
View all episodes
By Bryan Brake, Amanda Berlin, and Brian Boettcher
4.7
9898 ratings
Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)
https://logging.apache.org/log4j/2.x/license.html
https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/
https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/
F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. https://twitter.com/BleepinComputer/status/1480182019854327808
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries
Faker.js - https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data Colors.js - https://www.npmjs.com/pafaker - npm package/colors get color and style in your node.js console
https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
Should OSS teams expect payment for giving their time/code away for free? What are their expectations
Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?
OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/
https://webjedi.net/2022/01/03/security-puppy/
Apparently, "Hobbyists" were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
https://en.wikipedia.org/wiki/History_of_free_and_open-source_software History of open source
Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this --AK)
Event-stream = https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets
https://libraries.io/ Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.
More shows like BrakeSec Education Podcast
View all
Security Now (Audio)
2,000 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
319 Listeners
Strict Scrutiny
5,788 Listeners