Episode 392

Episode 392 - Curl and the calamity of CVE

Open Source Security · Open Source Security

September 11, 202346m 25s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Josh and Kurt talk about why CVE is making the news lately. Things are not well in the CVE program, and it's not looking like anything will get fixed anytime soon. Josh and Kurt have a unique set of knowledge around CVE. There's a lot of confusion and difficulty in understanding how CVE works.

Show Notes

Curl blog post
Now it's PostgreSQL's turn to have a bogus CVE
GitHub Advisory Database
Josh's "CVE tried to get me fired" story

← All episodes of Open Source Security