Josh Bressers

2.7K Followers
897 Following
860 Posts
VP of Security at Anchore - Podcaster (http://opensourcesecuritypodcast.com http://hackerhistory.com) - Blogger (http://opensourcesecurity.io) - He/Him
Podcast: https://opensourcesecurity.io/
Web: https://bress.net
Cookies? Yes please
TTY1
Signal: joshbressers.01

We read an entire scroll — without ever opening it

PHerc. 1667, sealed since the eruption of Vesuvius in 79 AD, has been virtually unwrapped and read from beginning to end.

https://scrollprize.org/firstscroll

More information about the Herculaneum Papyrus Scrolls project:
https://www2.cs.uky.edu/dri/herculaneum-papyrus-scrolls/

#books #literature #old_Manuscripts

You probably know this, but @e18e's https://replacements.fyi/ is pretty slick.
replacements.fyi - performant, safer npm package alternatives

Find more performant and safer replacements for outdated or unnecessary npm packages.

Scrutineer: scanning open source without flooding maintainers

https://nesbitt.io/2026/06/25/scrutineer.html

Finding the vulnerabilities is the easy part

Andrew Nesbitt
a CVE dispute

A few years ago the curl project signed up and became a CNA. This means that we are masters of and can allocate our own CVE identifiers. For any security problems within our territory, it is we who decide if the issue should get a CVE or not. No more bogus CVEs. 57 CVEs … Continue reading a CVE dispute →

daniel.haxx.se

On this episode of @CypherCon #HackerHistory I talk to Michael Lenz

It's a great story about starting out with what we now call retro computers, building a SOC and SIEM before those were really things, and eventually putting focus into Burbsec community meetups

https://hackerhistory.com/podcast/the-history-of-michael-lenz/

The history of Michael Lenz - Hacker History Podcast

Hacker History sits down with Michael Lenz. Michael started out in the Commodore 64 era with the usual games and BBS where many others started. His story takes a really interesting turn when he gets himself into infosec (before it's called infosec). He builds a SOC and eventually a SIEM. Before both of those things […]

Hacker History Podcast

Podcasts come and go, podcasters go and then occasionally return, so here is a list of my current information security-related subscriptions in order of their latest release.

• Hacker History @2169457 with @joshbressers and guests

• Random but Memorable @236393 with @mattdavey, @MrRooni, Allie, and Anna Eastick at @1password

• Hacking Humans @1021915 with @bittner, @jtcarrigan and @varmazis at @N2K

• Risky Business Features @7716365 with James Wilson and guests

• Risky Bulletin @5423259 with @riskybusiness, @tomatospy, James Wilson, @thegrugq, @campuscodi, et al. featuring shows "Risky Bulletin" with Claire Aird, "Between Two Nerds", "Sponsored", and "Srsly Risky Biz"

• SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) @571906 with @jullrich at @sans_isc

• Open Source Security @518991 with @joshbressers and guests

• Risky Business @548735 with @riskybusiness, Adam Boileau, James Wilson

• Decipher Security @615780 with @dennisf and @LindseyODWelch at @Deciphersec

• Troy Hunt's Weekly Update Podcast @6971 with @troyhunt of @haveibeenpwned fame

• Surveillance Report @1048322 with @hen at @techlore

• Defensive Security Podcast @735955 with @jerry and @lerg

• Darknet Diaries @577105 with Jack Rhysider @jackrhysider

Thanks again to @dave, @adam, @alberto and all at https://podcastindex.org for the service.

@stewartbaker died 30 April 2026 aged 78.

#InfoSec #InformationSecurity #CyberSecurity #Podcast #Podcasts #PodcastIndex

Podcastindex.org

The Podcast Index is here to preserve, protect and extend the open, independent podcasting ecosystem.

RE: https://fosstodon.org/@ThePSF/116800035337786641

Completely remediating this report was a massive coordinated team effort and would not be possible without paid security staffing at the PSF. Confirmed remediation in 48 hours from report with extensive follow-up auditing, hardening, and coordinating a third-party audit from Trail of Bits.

Thank you to Alpha-Omega for funding my time and OpenAI for funding the audit through "Patch the Planet".

Please see the write-up for details.

#opensource #oss #security #supplychain #python

The Python Security Response Team patched an authentication bypass in the python.org release management API in under 48 hours. No evidence of exploitation, all artifacts verified.

Check out the full writeup 👇
https://pyfound.blogspot.com/2026/06/mitigated-api-bypass-for-download-metadata-python-dot-org.html

#Python #Security #PSF

Mitigated API authentication bypass for python.org download metadata

Python Software Foundation Blog

@opencollective is following @bagder's "summer of bliss" initiative: we are pausing our security bounty program for the summer.

We are also considering adding a rule when we come back to limit the number of paid reports per researcher per week: we'll only pay for the first 3 reports. We hope this will encourage people to prioritize meaningful reports and cut down on the sloppy stuff.

I've tagged #fwupd 2.0.21 which backports fixes for over 250 potential security issues found using various AI security scanners over the last 3 months.

The 2.1.x releases include even more fixes and hardening work, and so most users should use those instead; this release is provided for the more conservative distros.

https://github.com/fwupd/fwupd/releases/tag/2.0.21

Release 2.0.21 · fwupd/fwupd

GitHub