all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OSS sustainability, log4j fallout, developer damages own code-p1

Add to bookmarks
Jan. 12, 2022, 12:20 a.m. | Amélie Koran, Adam Baldwin, Amanda Berlin, and Bryan Brake

Brakeing Down Security Podcast www.brakeingsecurity.com

Adam Baldwin (@adam_baldwin)

Amélie Koran (@webjedi)

 

Log4j vulnerability

 

https://logging.apache.org/log4j/2.x/license.html

https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/

https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ 



F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. 

https://twitter.com/BleepinComputer/status/1480182019854327808

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries

 

Faker.js -  https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data

Colors.js -  https://www.npmjs.com/pafaker - npmckage/colors get color and style in your node.js console

 

https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

 

Should OSS teams expect payment for giving their time/code away for free? What are their expectations

 

Should open source projects be aware of how popular they …

adambaldwin code developer log4j opensource oss own

Visit resource

More from www.brakeingsecurity.com / Brakeing Down Security Podcast

Josh Grossman - building Appsec programs, bridging security and developer gaps 1 week, 2 days ago | www.brakeingsecurity.com
appsec asvs brakesec codeanalysis +8
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox 2 weeks, 2 days ago | www.brakeingsecurity.com
board members ciso goldiknox grc +3
p2-accidentalCISO, building trust in new places 2 months, 1 week ago | www.brakeingsecurity.com
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec 2 months, 3 weeks ago | www.brakeingsecurity.com
cicd ciso development management +1
1st show of 2024! Our 10th Anniversary... 3 months, 2 weeks ago | www.brakeingsecurity.com
accountability leadership
Brakesec Call to Action 2023 4 months ago | www.brakeingsecurity.com
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts! 4 months, 2 weeks ago | www.brakeingsecurity.com
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can … 5 months, 4 weeks ago | www.brakeingsecurity.com
breach cybersecurity okta ransomware +1
NIcole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt … 7 months ago | www.brakeingsecurity.com

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA
View on infosec-jobs.com

Security Analyst

@ UNDP | Tripoli (LBY), Libya
View on infosec-jobs.com

Senior Incident Response Consultant

@ Google | United Kingdom
View on infosec-jobs.com

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com
View more jobs