Sign up to save your podcasts
Or
Share Deceptive Diffs From Subversive Submitters - ASW #148
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Deceptive Diffs From Subversive Submitters - ASW #148
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review?
For additional resources please visit:
Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie).
Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw148
View all episodes
By Security Weekly Productions
4.8
44 ratings
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review?
For additional resources please visit:
Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie).
Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw148
More shows like Application Security Weekly (Video)
View all
Global News Podcast
7,722 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
LINUX Unplugged
266 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,021 Listeners
Darknet Diaries
8,016 Listeners
Cybersecurity Today
178 Listeners
Kubernetes Podcast from Google
181 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
137 Listeners
Cloud Security Podcast by Google
40 Listeners
Risky Bulletin
46 Listeners