The XZ Utils backdoor was a very subtle operation that took several years to pull off, and while some of the technical details are known, there is plenty we still don't know. Dennis Fisher and Lindsey O'Donnell-Welch talk about the unknowns and what, if anything, could have been done to prevent this from happening.
Kelley Misata, senior director of open source at Corelight and CEO of Sightline Security, joins Dennis Fisher to talk about her road into security, the importance of protecting at-risk populations, and the challenges of building community in the open source world.
The PyPI maintainers say a new phishing campaign is targeting Python project maintainers and aiming to steal credentials and compromise projects.
Google is creating a new Open Source Maintenance Crew to help critical open source projects up their security game.