all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2

Add to bookmarks
Jan. 18, 2022, 7:50 p.m. | Amélie Koran, Adam Baldwin, Amanda Berlin, and Bryan Brake

Brakeing Down Security Podcast www.brakeingsecurity.com

Adam Baldwin (@adam_baldwin)
Amélie Koran (@webjedi)

 

https://logging.apache.org/log4j/2.x/license.html


https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/


https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/


F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.
https://twitter.com/BleepinComputer/status/1480182019854327808

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/


https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries

Faker.js - https://www.npmjs.com/package/faker  Generate massive amounts of fake contextual data
Colors.js - https://www.npmjs.com/pafaker  - npm package/colors get color and style in your node.js console

https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

Should OSS teams expect payment for giving their time/code away for free? What are their expectations

Should open source projects be aware of how popular they are? What happens …

adam adambaldwin baldwin developers foss governance log4j opensource oss popular security supply supply chain supply chain security

Visit resource

More from www.brakeingsecurity.com / Brakeing Down Security Podcast

Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! 11 hours ago | www.brakeingsecurity.com
appsec dast devops infosec +2
Josh Grossman - building Appsec programs, bridging security and developer gaps 1 month, 2 weeks ago | www.brakeingsecurity.com
appsec asvs brakesec codeanalysis +8
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox 1 month, 3 weeks ago | www.brakeingsecurity.com
board members ciso goldiknox grc +3
p2-accidentalCISO, building trust in new places 3 months, 2 weeks ago | www.brakeingsecurity.com
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec 4 months ago | www.brakeingsecurity.com
cicd ciso development management +1
1st show of 2024! Our 10th Anniversary... 4 months, 3 weeks ago | www.brakeingsecurity.com
accountability leadership
Brakesec Call to Action 2023 5 months, 2 weeks ago | www.brakeingsecurity.com
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts! 5 months, 4 weeks ago | www.brakeingsecurity.com
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can … 7 months ago | www.brakeingsecurity.com
breach cybersecurity okta ransomware +1

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com