This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found
I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains
https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/
This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found
I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains
https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/
On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)
While it's amazing we can update firmware from Linux now, it was a ton of work to get us here
If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)
https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/
On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)
While it's amazing we can update firmware from Linux now, it was a ton of work to get us here
If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)
https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/
This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult
This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult
How do you secure thousands of open-source projects?
At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.
📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_
How do you secure thousands of open-source projects?
At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.
📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_
