Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280

9 April - 1 hour
Podcast Series Security Weekly Podcast Network (Audio)

We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.

It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about which parts of this orgs should be worried about and what types of threats they should be prioritizing...
