This episode of #OpenSourceSecurity I discuss @suricata with @inliniac
Victor tells us all about the past, present, and future of #Suricata
I learned a ton
https://opensourcesecurity.io/2026/2026-01-suricata-victor-julien/
This episode of #OpenSourceSecurity I discuss @suricata with @inliniac
Victor tells us all about the past, present, and future of #Suricata
I learned a ton
https://opensourcesecurity.io/2026/2026-01-suricata-victor-julien/
For the evening crowd: I was on @joshbressers's #OpenSourceSecurity podcast, chatting about iocaine. My first interview and video appearance in about a decade, and it was a lot of fun. Thanks Josh!
Also: there's now recent video proof that I am not a mouse! I even look presentable on the thumbnail, a marvelous feat.
Look here for the link.
This week on #OpenSourceSecurity I have a chat with @algernon about @iocaine
Iocaine creates a maze of garbage to trap scraping bots. I love this idea, it has amazing chaotic good energy!
I learn all about how Iocaine works, and even got to see some dashboards showing off the size of the problem and how Iocaine handles it all.
https://opensourcesecurity.io/2026/2026-01-iocaine-algernon/
This week on #OpenSourceSecurity I have a chat with @algernon about @iocaine
Iocaine creates a maze of garbage to trap scraping bots. I love this idea, it has amazing chaotic good energy!
I learn all about how Iocaine works, and even got to see some dashboards showing off the size of the problem and how Iocaine handles it all.
https://opensourcesecurity.io/2026/2026-01-iocaine-algernon/
This week on #OpenSourceSecurity I have a chat with @cadey about #Anubis, the tool that stops web AI scrapers
The scale of web scraping is way worse than I expected, and blocking things is also a lot harder than I expected
This is one of those conversations where I learned how little I know
This week on #OpenSourceSecurity I have a chat with @cadey about #Anubis, the tool that stops web AI scrapers
The scale of web scraping is way worse than I expected, and blocking things is also a lot harder than I expected
This is one of those conversations where I learned how little I know
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found
I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains
https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/
This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found
I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains
https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/
On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)
While it's amazing we can update firmware from Linux now, it was a ton of work to get us here
If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)
https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/
On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)
While it's amazing we can update firmware from Linux now, it was a ton of work to get us here
If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)
https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/
This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult
This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult
How do you secure thousands of open-source projects?
At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.
📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_
How do you secure thousands of open-source projects?
At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.
📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_
