daniel:// stenberg://
Andrew NesbittCan someone create a website that tracks how many security related open source companies are still using GitHub actions?
| Podcast | https://opensourcesecurity.io/ |
| Web | https://bress.net |
| Cookies? | Yes please |
| TTY | 1 |
| Signal | joshbressers.01 |
Josh Bressers
- 2.6K Followers
- 885 Following
- 767 Posts
VP of Security at Anchore - Podcaster (http://opensourcesecuritypodcast.com http://hackerhistory.com) - Blogger (http://opensourcesecurity.io) - He/Him
Semantic Vibing (semvib) is where you version your SKILL.md files with semver (1.2.3) like it makes any difference to the reproducibility or determinism of your prompts.
The year is 2050. The Onion is the only news company left
They have been printing true stories for over ten years, but everyone thinks it's still parody
High-Quality chaos. This is where we're at right now, security reporting wise.
High-Quality Chaos
As I have been preparing slides for my coming talk at foss-north on April 28, 2026 I figured I could take the opportunity and share a glimpse of the current reality here on my blog. The high quality chaos era, as I call it. No more AI slop I complained and I complained about the … Continue reading High-Quality Chaos →
Allan FriedmanDC folks - come and help save the 15th street bike lane TODAY. It allows locals and tourists to safely travel around the monuments, cross to the Tidal Basin, get to the Wharf, etc. It’s crazy that they are trying to remove it.
https://waba.org/event/tomorrow-save-americas-bike-lane-rally-5pm/
RE: https://mastodon.social/@bagder/116420048815872070
This thing happens tomorrow. In about... 18 hours or so.
I had another chat with David Bernstein about creating a disaster recovery plan on #OpenSourceSecurity
With all the events unfolding almost every day lately, there's never been a better time to put a plan like this together. In a few weeks David will tell us how to test such a plan once we create it
It's a lot less complicated than it seems, I know I've made this a lot harder than it needs to be
https://opensourcesecurity.io/2026/2026-04-disaster-planning-david-bernstein/
Building a plan for disaster with David Bernstein
Josh welcomes back David Bernstein to talk about creating a disaster recover plan. It’s a very timely topic given all the current events. There are more supply chain attacks and compromises than ever before. There are some great resources for this planning, but as David tells us, it’s really not that hard to put some plans together. It’s easy to over-plan, David gives some great tips on getting started with our planning for an eventual incident.
Jerry GamblinVersion 2 of my CVE Intelligence TA for
Splunk is live on Splunkbase.
I’ve added EPSS probability, CISA KEV status, and SSVC data to the baseline for 327k+ vulnerabilities.
No API keys, zero-config, and pre-joined lookups for faster triage.
Full details and download: https://jerrygamblin.com/2026/04/18/prioritizing-what-matters-bringing-cve-intelligence-to-splunk/
On Tuesday April 21, 16:00 UTC I will join the panel in an Anchore webinar titled "The challenges of 3rd party software risk" together with some brilliant people.
Free to attend, but sign-up required.
https://go.anchore.com/the-challenges-of-third-party-software.html
