Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 21 Jun 2023 16:02:28 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Solar Designer talk about 15 years of oss-security at SSTIC conference

Hi all,

After SSTIC in Rennes, France, I also gave a revision of the talk at
BSidesLjubljana in Ljubljana, Slovenia.  Incidentally, this was SSTIC's
20th anniversary and the event was closed by a related talk on 20+ years
of CERT-FR and ANSSI, whereas this year's BSidesLjubljana was held in
the computer history museum, a fitting venue for the beginning of my
talk, which starts with a retrospective into the 1980s.

Here are the slides:

https://www.openwall.com/presentations/SSTIC-BSidesLjubljana2023-oss-security/

I've attached the Markdown source for these to this message.

Video of the SSTIC talk is available via the link to SSTIC conference
website, and I expect the same will be true for BSidesLjubljana soon.

I'd like to thank the organizers of both of these events for making them
so great.  It was a pleasant experience attending and speaking at these.

On Sat, Jun 10, 2023 at 10:04:44AM +0000, Katherine Mcmillan wrote:
> has there ever been any consideration of having an "oss-security-advocacy" list?

No, but your question got me thinking about it now.  I think that before
possibly setting up a new list, we should have that sort of discussions
in here - then see if we really want to move them to a separate list.

> I like seeing/sharing relevant updates like this.

I see no problem with them being right on the oss-security list.  While
we generally don't allow conference CFPs here, we do allow and encourage
relevant materials from conferences to be shared here.  A minor problem
is sharing actual content vs. links only - we want the actual content
for archival, but these days slide decks tend to be a bit too large
for relaying them to all list members most of whom don't need a copy.

On Tue, Jun 13, 2023 at 07:48:40PM +0300, Georgi Guninski wrote:
> I am missing the old full disclosure mailing list,
> there is little discussion on oss-security.

I'm all for more discussion, but I'd like it to be relevant and helpful.

Alexander

View attachment "SSTIC-BSidesLjubljana2023-oss-security.md" of type "text/plain" (10816 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.