Josh Bressers

VP of Security at Anchore - Podcaster (http://opensourcesecuritypodcast.com http://hackerhistory.com) - Blogger (http://opensourcesecurity.io) - He/Him
Podcast: https://opensourcesecurity.io/
Web: https://bress.net
Cookies?: Yes please
TTY: 1
Signal: joshbressers.01

On Tuesday April 21, 16:00 UTC I will join the panel in an Anchore webinar titled "The challenges of 3rd party software risk" together with some brilliant people.

Free to attend, but sign-up required.

https://go.anchore.com/the-challenges-of-third-party-software.html

The Challenges of 3rd Party Software Risk: From Contributions to Consumption

AI is just introducing an old problem at a terrifying new speed: 3rd-party risk. So how do you trust code you didn't write?

"This Is The One Thing We Didn't Want To Happen"

https://github.com/advisories/GHSA-5vjq-5jmg-39xq

GHSA-5vjq-5jmg-39xq - GitHub Advisory Database

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

GitHub

A new #HackerHistory is out!

This time we hear the story of Pyr0

Pyr0 tells us about a new upcoming conference all about hacker history, NaClCON

Then we hear about a lot of awesome hacker history

It's a great story!

https://hackerhistory.com/podcast/the-history-of-pyr0/

The history of Pyr0 - Hacker History Podcast

Hacker History sits down with Luke McOmie, AKA Pyr0, to talk about a new conference about hacker history, as well as his history. Pyr0 tells us all about NaClCON. It's a conference dedicated to the stories of the hackers themselves. Go register if you're interested ... while you still have time! Pyr0 then tells us […]

Hacker History Podcast

we’ve been grappling with Stack Overflow issues with our language rankings for some time now, but this run we got to add some GitHub data weirdness as well.

anyway, the Q1 language rankings are now live. enjoy.
https://redmonk.com/sogrady/2026/04/14/language-rankings-1-26/

The RedMonk Programming Language Rankings: January 2026

This iteration of the RedMonk programming Language Rankings is brought to you by Amazon Web Services. AWS manages a variety of developer communities where you can join and learn more about building modern applications in your preferred language. This edition of the RedMonk Programming Language Rankings is either three months late or two months early,

tecosystems

One part of the solution (under-considered IMO) is returning human relationships to OSS: you don’t just submit a PR; you build trust, have a real conversation, then submit a PR.

I don’t know what exactly that looks like in practice; there’s surely not just one answer for everyone. But I know what it •doesn’t• look like: a contribution •starting• with a huge code drop.

4/

I had a chat with Paul McCarty about his project Open Source Malware

Paul has a ton of great insight into what's happening with the massive influx of malware into our open source ecosystems

https://opensourcesecurity.io/2026/2026-04-open-source-malware-paul-mccarty/

Open Source Malware with Paul McCarty

Josh talks to Paul McCarty of Open Source Malware about … open source malware. Paul explains why there aren’t many good open source malware datasets. We discuss why the existing data is lacking for many use cases. We of course touch on AI and the malware in skills problems and challenges. It’s a fun discussion with a lot of new and interesting problems we all have to deal with. Episode Links Paul McCarty Open Source Malware Open Source Malware Blog This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.

Open Source Security

zizmor 1.24 is released! lots of bugfixes and features/enhancements:

https://docs.zizmor.sh/release-notes/#1240

Release Notes - zizmor

Abbreviated change notes about each zizmor release.

Linus released Linux v7.0 a few hours ago, and while I didn't have the time to do a merge window highlight post, I did capture all of the LSM, SELinux, and audit highlights for Linux v7.0 in the post below.

https://paul-moore.com/blog/d/2026/04/linux_v70.html

#lsm #selinux #audit

Paul Moore · Linux 7.0 Released

Brocards for vulnerability triage

I’ve had a bunch of people ask my thoughts on Anthropic’s Mythos. I’ve read the research paper they released and the numbers, and basically I agree with @malwaretech’s take. It’s marketing. The cybersecurity industry is historically very good at marketing cyber pearl harbour and the need to buy magic boxes.