all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2

Add to bookmarks
Jan. 18, 2022, 7:50 p.m. | Amélie Koran, Adam Baldwin, Amanda Berlin, and Bryan Brake

Brakeing Down Security Podcast www.brakeingsecurity.com

Adam Baldwin (@adam_baldwin)
Amélie Koran (@webjedi)

 

https://logging.apache.org/log4j/2.x/license.html


https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/


https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/


F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.
https://twitter.com/BleepinComputer/status/1480182019854327808

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/


https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries

Faker.js - https://www.npmjs.com/package/faker  Generate massive amounts of fake contextual data
Colors.js - https://www.npmjs.com/pafaker  - npm package/colors get color and style in your node.js console

https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

Should OSS teams expect payment for giving their time/code away for free? What are their expectations

Should open source projects be aware of how popular they are? What happens …

adam adambaldwin baldwin developers foss governance log4j opensource oss popular security supply supply chain supply chain security

Visit resource

More from www.brakeingsecurity.com / Brakeing Down Security Podcast

Josh Grossman - building Appsec programs, bridging security and developer gaps 4 days, 11 hours ago | www.brakeingsecurity.com
appsec asvs brakesec codeanalysis +8
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox 1 week, 4 days ago | www.brakeingsecurity.com
board members ciso goldiknox grc +3
p2-accidentalCISO, building trust in new places 2 months ago | www.brakeingsecurity.com
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec 2 months, 2 weeks ago | www.brakeingsecurity.com
cicd ciso development management +1
1st show of 2024! Our 10th Anniversary... 3 months, 1 week ago | www.brakeingsecurity.com
accountability leadership
Brakesec Call to Action 2023 4 months ago | www.brakeingsecurity.com
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts! 4 months, 2 weeks ago | www.brakeingsecurity.com
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can … 5 months, 3 weeks ago | www.brakeingsecurity.com
breach cybersecurity okta ransomware +1
NIcole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt … 6 months, 4 weeks ago | www.brakeingsecurity.com

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cyber Security Architect - SR

@ ERCOT | Taylor, TX
View on infosec-jobs.com

SOC Analyst

@ Wix | Tel Aviv, Israel
View on infosec-jobs.com

Associate Director, SIEM & Detection Engineering(remote)

@ Humana | Remote US
View on infosec-jobs.com

Senior DevSecOps Architect

@ Computacenter | Birmingham, GB, B37 7YS
View on infosec-jobs.com
View more jobs