PLAY PODCASTS
Open Source Vulnerabilities - Who is Ultimately Responsible

Open Source Vulnerabilities - Who is Ultimately Responsible

In this broadcast, I speak with Chris Roberts and…

The OWASP Podcast Series

December 3, 201846m 31s

Audio is streamed directly from the publisher (feeds.soundcloud.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

In this broadcast, I speak with Chris Roberts and Derek Weeks about lines of responsibility and npm package highjacking in light of the event-stream vulnerability announcement last week. The announcement of the event-stream npm package vulnerability has once again raised the issue of who it ultimately responsible when a breach like this is announced. Is it the original creator of the package? What about the team maintaining the package? Where does' the end user fit it in? How does social engineering come into play?
← All episodes of The OWASP Podcast Series