
Thursday, May 05, 2022

Security Now on Future Open Source

This week, a very good podcast session on TWIT: Security Now (https://twit.tv/shows/security-now/episodes/869?autostart=false), regarding the future of security, especially open source efforts in the DOD and beyond. Sent out to my former DOD colleagues.

For the full text, see the show notes by Steve Gibson: https://www.grc.com/sn/SN-869-Notes.pdf

This week on Security Now! This week we're going to examine the success of the abbreviation-overloaded DoD's DIB-VDP pilot program. We’re going to introduce the relatively new OpenSSF - Open Source Security Foundation - “We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on. It is one of the most important things we can do.” and its Package Analysis Project. We're going to look at some hopeful new privacy legislation recently passed in Connecticut's house which, if signed into law, would cause it to join four other privacy-progressive states, and we're going to look at Moxie Marlinspike's irreverent rationale for the need for port knocking. Then, after sharing some interesting listener feedback, we're going to look at the background, implementation and future of a very encouraging development in user web browser and Internet privacy....

Referring further to: 

DIB-VDP Pilot Overview

The Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) Pilot is a 12-month voluntary event established collaboratively by DC3’s DoD Defense Industrial Base Collaborative Information Sharing Environment (DCISE), DoD Vulnerability Disclosure Program (DoD VDP), and the Defense Counterintelligence and Security Agency (DCSA). ....
