all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Episode 410 – Package identifiers are really hard

Add to bookmarks
Jan. 8, 2024, midnight | Josh Bressers

Podcast – Open Source Security opensourcesecurity.io

Josh and Kurt talk about package identifiers. We break this down in the context of an OpenSSF response to a CISA paper on software identifications. The identifiers that get all the air time are purl, CPE, SWID, and OmniBOR. This is a surprisingly complex problem space. It feels easy, but it’s not. Show Notes

air cisa context cpe cwe down easy hard josh openssf package podcast problem response security software space swid

Visit resource

More from opensourcesecurity.io / Podcast – Open Source Security

Episode 426 – Automatically exploiting CVEs with AI 4 days, 11 hours ago | opensourcesecurity.io
can corey doctorow cve cves +16
Episode 425 – Video game cheaters, also pretendo 1 week, 4 days ago | opensourcesecurity.io
benford's law cheat cheaters cheating +18
Episode 424 – The Notepad++ Parasite Website 2 weeks, 4 days ago | opensourcesecurity.io
end everything fake fake website +13
Episode 423 – FCC cybersecurity label for consumer devices 3 weeks, 4 days ago | opensourcesecurity.io
ce certification claim compute +16
XZ Bonus Spectacular Episode 1 month ago | opensourcesecurity.io
backdoor basics bonus can +16
Episode 422 – Do you have a security.txt file? 1 month ago | opensourcesecurity.io
bugbounty cybersecurity defined doing +12
Episode 421 – CISA’s new SSDF attestation form 1 month, 1 week ago | opensourcesecurity.io
attestation big cisa current +12
Episode 420 – What’s going on at NVD 1 month, 2 weeks ago | opensourcesecurity.io
back can cve database +17
Episode 419 – Malicious GitHub repositories 1 month, 3 weeks ago | opensourcesecurity.io
attack attackers can ecosystem +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs