35: Busting Open Source Security Myths

Sep 30, 2021, 34 min

Episode description

Eric and Brandon sit down and look into some of the biggest security myths around Open Source software and one by one debunk them right on the show!

Destination Linux Network (https://destinationlinux.network)
Sudo Show Website (https://sudo.show)
Sponsor: Bitwarden (https://bitwarden.com/dln)
Sponsor: Digital Ocean (https://do.co/dln-mongo)
Sudo Show Swag (https://sudo.show/swag)

Contact Us:
DLN Discourse (https://sudo.show/discuss)
Email Us! (mailto:contact@sudo.show)
Sudo Matrix Room (https://sudo.show/matrix)

Heartbleed (https://heartbleed.com)
Sophos: Venom Virtual Machine Escape Bug (https://nakedsecurity.sophos.com/2015/05/14/the-venom-virtual-machine-escape-bug-what-you-need-to-know)
Tidelift Blog: More than Half of Maintainers Have Quit or Considered Quitting, and Here’s Why (https://blog.tidelift.com/finding-5-more-than-half-of-maintainers-have-quit-or-considered-quitting-and-heres-why)
Jaeger Tracing (https://www.jaegertracing.io/)
Article: Measure the Health of Open Source Communities (https://www.linux.com/news/measuring-the-health-of-open-source-communities)
Open Source Security Foundation (OpenSSF) (https://openssf.org)
Article: Google Releases New Open Source Security Software Program Scorecards (https://www.zdnet.com/google-amp/article/google-releases-new-open-source-security-software-program-scorecards)
GitHub: OSSF Scorecard (https://github.com/ossf/scorecard)
LFX Insights (https://insights.lfx.linuxfoundation.org/projects)
Tidelift (https://tidelift.com)
Open Collective (https://opencollective.com)

Chapters

00:00 Intro
00:42 Welcome
01:14 Sponsor - Bitwarden
02:40 Sponsor - Digital Ocean
03:42 OSS Has Vulnerabilities
07:45 Free means cheap
14:53 Heartbleed Bug
20:25 Open Source is Amateur
24:29 OpenSSF Scorecard
33:07 Wrap Up