BrakeSec Education Podcast podcast show image

BrakeSec Education Podcast

Bryan Brake, Amanda Berlin, and Brian Boettcher

Podcast

Episodes

Listen, download, subscribe

BrakeSec Education Podcast podcast on Apple PodcastApple Podcasts
BrakeSec Education Podcast podcast on Google PodcastsGoogle Podcasts

OSS sustainability, log4j fallout, developer damages own code-p1

• 43 min

Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)   Log4j vulnerability   https://logging.apache.org/log4j/2.x/license.html https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/ https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/  F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.  https://twitter.com/BleepinComputer/status/1480182019854327808 https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries   Faker.js -  https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data Colors.js -  https://www.npmjs.com/pafaker - npmckage/colors get color and style in your node.js console   https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/   Should OSS teams expect payment for giving their time/code away for free? What are their expectations   Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?    OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/   https://webjedi.net/2022/01/03/security-puppy/   Apparently, “Hobbyists” were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists   https://en.wikipedia.org/wiki/History_of_free_and_open-source_software History of open source   Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this)   Event-stream = https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets   https://libraries.io/ Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.   

BrakeSec Education Podcast RSS Feed

Share: TwitterFacebook

Plink icon