Artwork for podcast It's 5:05! Daily cybersecurity and open source briefing
Episode #290: Edwin Kwan: Bluetooth Authentication Bypass Vulnerability in Apple and Linux; Marcel Brown: This Day in Tech History; Trac Bannon: OWASP BOM Maturity Model: Is It Valuable?; Katy Craig: OWASP BOM Maturity Model: A Benefit for Consumers; Olimpiu Pop: OWASP BOM Maturity Model: Is it too soon?; Shannon Lietz: OWASP BOM Maturity Model: Win, Lose, or Draw?
Episode 2908th December 2023 • It's 5:05! Daily cybersecurity and open source briefing • Contributors from Around the World
00:00:00 00:17:54


Free, ungated access to all 290+ episodes of “It’s 5:05!” on your favorite podcast platforms: You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 8th, 1975. Paul Terrell opens the Byte Shop in Mountain View, California, one of the first retail computer stores in the world. Paul Terrell and the Byte Shop are most famously known for ordering the first 50 computers from Steve Jobs and Steve Wozniak's fledgling Apple Computer Company in 1976.

Edwin Kwan: A Bluetooth authentication bypass vulnerability has been discovered to be impacting Apple, Android, and some Linux devices. The bug allows attackers to connect to devices and inject keystrokes to execute arbitrary commands.

Trac Bannon: OWASP has just introduced the Software Bill of Materials Maturity Model. In general, I'm not a fan of maturity models. They're often inflexible, arbitrary, and don't consider context. That said, there is merit in providing guidance given the slow rate of adoption and even the lack of understanding by the software industry.

Katy Craig: Today we're diving into a game-changer for consumer software transparency: the launch of the BOM Maturity Model by the OWASP Foundation. Simply put, this model is a big win for consumers who want to know more about the software that we use daily.

Olimpiu Pop: Software Bills of Materials, SBOMs, are those labels that we need to stick on our delivered software packages. How should it happen? For now, at least in the Java ecosystem, there is no way of delivering the label together with the package.

Shannon Lietz: We're all talking about Bill of Materials these days. It's an important concept for all of us, for a lot of reasons, in particular software buyers. Anyone who's out there who's buying something from a supplier should be interested in what is in that actual product.