Grokking Cybersecurity & Open Source | The Knowledge Vault | Episode 01
- Published 5 Sep 2024
- In this episode, Anshul speaks with Abhisek Datta, a cyber security expert and open source software builder. He is building an open source project called "vet." It's a tool to discover open source vulnerabilities in your code base.
Table of Contents
0:04 Introduction
1:12 Parallels between kalaripayattu and cyber security
6:54 Economy of bug bounty
11:38 Given enough eyeballs, all bugs are shallow
13:50 Large scale cyber security attack force by nation-states
16:56 XZ Attack: Social engineering and the vulnerability of the weak link
25:34 Software is never finished
26:30 Advanced Persistent Threats
28:00 Tragedy of commons in open source software
29:00 Transparency of the open source software
30:22 Why most senior engineers are performance nerds
32:14 The Log4j saga
36:17 The need for SBOM - Software Bill of Material
39:45 Open SSF
43:57 SolarWinds hack
45:58 Wisdom of crowds: Importance of diversity in open source community
48:40 Self balancing feedback loops of open source software community
51:20 Private industry driving the roadmap of open source software
54:29 When an open source software community forks
56:54 Making EVMs hack proof
1:06:47 Abhisek's open source project Vet
Resources
1. Soham Das' article on EVM. humanlens.subs...
2. Ajay Shah's insights on government software as public goods. • How to correctly draw ...
3. Vet github.com/saf...