#51: A Visit with the Doctor

This week Dave and Gunnar talk with special guest star and elder statesman of open source in security and government, Dr. David A. Wheeler about Heartbleed, security reviews, and why security vulnerabilities are like human organs.

• David’s How to Prevent the next Heartbleed article got picked up by Slashdot
• Fuzz testing
• All about Heartbleed
  • How the Heardbleed bug works (in XKCD cartoon form)
  • Heartbleed tick-tock
  • HT Summer Maynard: What Heartbleed Can Teach The OSS Community About Marketing



• FIPS 140-2


• The Linux Foundation starts the Core Infrastructure Initiative


• Open source code has fewer errors than proprietary code


• SCAP


• HT Robin Price: OpenSCAP 1.0.8 passed the NIST SCAP 1.2 certification


• David dislikes “responsible disclosure” as much as Gunnar dislikes “cybersecurity”


• Patches welcome: David’s FLOSS numbers database with special thanks to Paul Rotilie


• David’s Fully Countering Trusting Trust through Diverse Double-Compiling PhD dissertation and public defense video!

We Give Thanks

• Dr. David A. Wheeler for guest starring and everything he’s done to advance the cause of open source in government.
• Summer Maynard and Robin Price for giving us ideas to talk about
• Paul Rotilie for helping with the FLOSS numbers database