Sign up to save your podcasts
Or
Share Minimum Safe Distance - ASW #148
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Minimum Safe Distance - ASW #148
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review? This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more!
Show Notes: https://securityweekly.com/asw148
Visit https://www.securityweekly.com/asw for all the latest episodes!
Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
View all episodes
By Security Weekly Productions
4.4
208208 ratings
We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review? This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more!
Show Notes: https://securityweekly.com/asw148
Visit https://www.securityweekly.com/asw for all the latest episodes!
Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
More shows like Security Weekly Podcast Network (Audio)
View all
Freakonomics Radio
32,330 Listeners
Planet Money
30,874 Listeners
Global News Podcast
7,836 Listeners
Hacked
190 Listeners
Security Now (Audio)
2,005 Listeners
Uncanny Valley | WIRED
500 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,032 Listeners
Paul's Security Weekly (Audio)
17 Listeners
Click Here
422 Listeners
Darknet Diaries
8,090 Listeners
Tech Brew Ride Home
970 Listeners
Cybersecurity Today
178 Listeners
Cybersecurity Headlines
137 Listeners