Recording date: Apr 17, 2023

Download at Apple Podcasts, Google Podcasts, Spotify, iHeartRadio, Spreaker or wherever you get your podcasts.

“They’re statistical models based on language corpuses and the output of these things can be shown in some cases to be stunningly incorrect.” - Gene Spafford

Gene opens with a comment about the “tendency of the industry to jump on hot trends”, and that sets the scene for much of the discussion, which goes on to touch blockchain, and of course ‘AI’.

We touch upon topics where Gene and his co-authors go into more detail in Cybersecurity Myths and Misconceptions such as where liability should be placed to better incetivise the creation of spftware that’s safe, secure and reliable. Though Gene acknowledges that we don’t (yet) even have good metrics for those terms. That leads into some discussion on whether organisations like the Open Source Security Foundation (OpenSSF) can fill some of the gaps.

Before closing we get to some discussion of the European Union Cyber Resiliance Act (CRA) and some of the consequences that might have for open source software.