Content provided by RFC Podcast. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by RFC Podcast or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Episode 9 – Security in Open Source

37:37
Archived series ("Inactive feed" status)

When? This feed was archived on October 23, 2017 15:08 (6+ y ago). Last successful fetch was on September 22, 2017 01:43 (6+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

What we’ve been doing

Chris

  • Vacation
  • Idea refinement & generation

John

  • Finding a job
  • Freelancing via Networking

Security in Open Source

  • White Hat vs Black Hat
  • Accidental hackers
    • Stumbling upon a security issue because of another bug
  • All comes down to one thing: Responsible Disclosure
    • Don’t
      • Post it publicly
      • Announce it on public Twitter
      • Tell a bunch of friends
      • Open a public GitHub issue
    • Do
      • Usually via an email address
      • Give examples and proof of concept
      • Be willing to work with the team
      • Ask even if you think it’s “dumb”
  • Places to provide disclosure
    • security@ email address
    • HackerOne
    • Contact Form
  • If it’s your project
    • Have a policy in place
      • How do you handle the commits?
      • Do they get an issue?
      • Do you log them for historical reference (privately)?
      • Announcement schedule
      • How do you rate its seriousness?
    • Set up an email address (security@)
  • Examples
    • St Jude Pacemakers
    • WordPress 4.6.1
    • RevSlider
    • Undisclosed Company

How to know if your site is vulnerable?

Sucuri

https://wpvulndb.com/

Links to articles mentioned

Security Reading

Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

The Art of Deception: Controlling the Human Element of Security

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

Reading

Thanks for listening to episode 8 of the RFCPodcast. Be sure to subscribe at rfcpodcast.com/subscribe and leave us a review on iTunes, they really do help us out. If you have feedback or are interested in sponsoring an episode of the RFCPodcast be sure to visit rfcpodcast.com/input.
