Sign up to save your podcasts
Or
Share Who's going to pay to fix open source security?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Who's going to pay to fix open source security?
Will no one think of the maintainers? As The New Stack points out, watching millions of projects fail because of a bug in an open source library has become common enough that we shrug and reply, "Told you so." It's gotten so bad, big tech companies are visiting the White House to discuss the issue as a matter of national security.
There is a great post up on the Stack Overflow blog examining this issue, but it's not about color.js, it's about Log4J. Traffic to questions on this logging library grew more than 1000% percent after the recent revelations about a new vulnerability.
Also discussed in this episode: cryptographer and Signal creator Moxie Marlinspike stepped down from his role as CEO of the encrypted messaging service. That's news, but he actually made bigger waves in tech circles with an unrelated blog post detailing his first experience with Web3. Spoiler alert: it's not as decentralized or divorced from Web2 as you might have thought.
You can find Cassidy Williams on Twitter and her website.
Ben Popper can be found on Twitter here.
Ryan Donovan can be found on Twitter, or writing for the Stack Overflow blog.
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
View all episodes
By The Stack Overflow Podcast
4.3
6262 ratings
Will no one think of the maintainers? As The New Stack points out, watching millions of projects fail because of a bug in an open source library has become common enough that we shrug and reply, "Told you so." It's gotten so bad, big tech companies are visiting the White House to discuss the issue as a matter of national security.
There is a great post up on the Stack Overflow blog examining this issue, but it's not about color.js, it's about Log4J. Traffic to questions on this logging library grew more than 1000% percent after the recent revelations about a new vulnerability.
Also discussed in this episode: cryptographer and Signal creator Moxie Marlinspike stepped down from his role as CEO of the encrypted messaging service. That's news, but he actually made bigger waves in tech circles with an unrelated blog post detailing his first experience with Web3. Spoiler alert: it's not as decentralized or divorced from Web2 as you might have thought.
You can find Cassidy Williams on Twitter and her website.
Ben Popper can be found on Twitter here.
Ryan Donovan can be found on Twitter, or writing for the Stack Overflow blog.
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
More shows like The Stack Overflow Podcast
View all
Software Engineering Radio - the podcast for professional software developers
272 Listeners
The Changelog: Software Development, Open Source
289 Listeners
The a16z Show
1,100 Listeners
Daily Tech News Show
1,392 Listeners
Software Engineering Daily
623 Listeners
Talk Python To Me
581 Listeners
Super Data Science: ML & AI Podcast with Jon Krohn
300 Listeners
NVIDIA AI Podcast
347 Listeners
Y Combinator Startup Podcast
226 Listeners
Syntax - Tasty Web Development Treats
988 Listeners
Tech Brew Ride Home
969 Listeners
Practical AI
210 Listeners
Latent Space: The AI Engineer Podcast
100 Listeners
This Day in AI Podcast
227 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
650 Listeners