Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    Deceptive Diffs From Subversive Submitters - ASW #148

    Deceptive Diffs From Subversive Submitters - ASW #148

    FromApplication Security Weekly (Video)

    Start listeningView podcast show

    Deceptive Diffs From Subversive Submitters - ASW #148

    FromApplication Security Weekly (Video)

    ratings:
    Length:
    38 minutes
    Released:
    Apr 26, 2021
    Format:
    Podcast episode

    Description

    We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review?    For additional resources please visit: Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie).    Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148
    Released:
    Apr 26, 2021
    Format:
    Podcast episode

    Titles in the series (100)

    Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.