A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257
b'
Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more!
Show Notes: https://securityweekly.com/asw-257
'