Web: http://brakeingsecurity.com/oss-sustainability-log4j-fallout-developer-damages-own-code-p1

Audio: https://traffic.libsyn.com/secure/brakeingsecurity/OSS_sustainability_log4j_fallout_developer_damages_own_code-p1.mp3?dest-id=177487

Jan. 12, 2022, 12:20 a.m. | Amélie Koran, Adam Baldwin, Amanda Berlin, and Bryan Brake

Brakeing Down Security Podcast brakeingsecurity.com

Adam Baldwin (@adam_baldwin)

Amélie Koran (@webjedi)

Log4j vulnerability

https://logging.apache.org/log4j/2.x/license.html

https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/

https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ 



F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. 

https://twitter.com/BleepinComputer/status/1480182019854327808

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries

 

Faker.js - https://www.npmjs.com/package/faker - Generate massive amounts of fake contextual data

Colors.js - https://www.npmjs.com/package/colors - get color and style in your node.js console

https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

 

Should OSS teams expect payment for giving their time/code away for free? What are their expectations?

Should open source projects be aware of how popular they …
