CVE for EOL with Aaron Frost - podcast episode cover

CVE for EOL with Aaron Frost

Open Source Security
Apr 14, 202530 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the "vulnerable until proven otherwise" approach is the best path forward for end of life software.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-04-cve_eol_aaron_frost/

For the best experience, listen in Metacast app for iOS or Android