Deceptive Diffs From Subversive Submitters - ASW #148 episode artwork

EPISODE · Apr 26, 2021 · 38 MIN

Deceptive Diffs From Subversive Submitters - ASW #148

from Application Security Weekly (Video)

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's reputation, as we've seen in Chrome Plugins. So, what could have been a better research focus? In the era of more pervasive fuzzing, how much should we continue to rely on people for security code review?    For additional resources please visit: Deceptive Diffs From Subversive Submitters - ASW #148 Featuring: John Kinsella (https://www.linkedin.com/in/jlkinsel), Mike Shema (https://www.linkedin.com/in/zombie).    Read the research paper at https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148

Episode metadata supplied by the publisher feed · Published Apr 26, 2021

NOW PLAYING

Deceptive Diffs From Subversive Submitters - ASW #148

0:00 38:16

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Application Security Weekly (Video)?

This episode is 38 minutes long.

When was this Application Security Weekly (Video) episode published?

This episode was published on April 26, 2021.

What is this episode about?

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out...

Can I download this Application Security Weekly (Video) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!