Episode 35

Busting Open Source Security Myths

Download Subscribe
00:00:00
/
00:34:11
RSS Feed Download (31.7 MB) Link with Timestamp

September 30th, 2021

34 mins 11 secs

Link with Timestamp

Download MP3 (31.7 MB)

Your Hosts
Tags
openssf hearbleed myth open-tech brandon johnson red hat technology career sudo show itguyeric open source enterprise cloud devops it

About this Episode

Eric and Brandon sit down and look into some of the biggest security myths around Open Source software and one by one debunk them right on the show!

Destination Linux Network
Sudo Show Website
Sponsor: Bitwarden
Sponsor: Digital Ocean
Sudo Show Swag

Contact Us:
DLN Discourse
Email Us!
Sudo Matrix Room

Heartbleed
Sophos: Venom Virtual Machine Escape Bug
Tidelift Blog: More than Half of Maintainers Have Quit or Considered Quitting, and Here’s Why
Jaeger Tracing
Article: Measure the Health of Open Source Communities

Open Source Security Foundation (OpenSSF)
Article: Google Releases New Open Source Seucirty Software Program Scorecards
GitHub: OSSF Scorecard
LFX Insights

Tidelift
Open Collective

Chapters

00:00 Intro
00:42 Welcome
01:14 Sponsor - Bitwarden
02:40 Sponsor - Digital Ocean
03:42 OSS Has Vulnerabilities
07:45 Free means cheap
14:53 Heartbleed Bug
20:25 Open Source is Amature
24:29 OpenSSF Scorecard
33:07 Wrap Up