Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia

Published: May 8, 2024, 7:10 a.m.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.

In this episode you'll learn:

The importance of proactive security and code review in the open-source community

Why anomalies in software behavior should prompt curiosity and investigation

Open-source community cooperation is vital for spotting and addressing security risks

Some questions we ask:

Could you explain the security issue you found in SSH and its significance?

How serious is this threat, and what steps can organizations take to defend against it?

What advice do you have for open-source contributors?

Resources:
View Andres Freund on LinkedIn
View Thomas Roccia on LinkedIn
View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Afternoon Cyber Tea with Ann Johnson

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.