[Security Nation] Jacques Chester of Shopify Talks CVSS Scores

In this episode of Security Nation, Shopify Senior Staff Software Developer Jacques Chester joins Jen and Tod to discuss his intriguing paper on CVSS scores and the overall oddness of vulnerability distribution. The trio also dives into Jacques’ journey to understanding how security systems affect people in the real world.

Stick around for our Rapid Rundown, where Tod and Jen discuss PyPI's alert to certain open-source publishers about the institution of 2FA technology on the platform.

Jacques Chester

Jacques is a Senior Staff Software Developer at Shopify in the Ruby & Rails Infrastructure group. He leads work on upstream and community improvements to supply chain security, with a focus on the Ruby ecosystem. Previously he worked in cloud-native platforms and consulting for VMware and Pivotal. He is a cat dad.

Show notes

Interview Links

A Closer Look at CVSS Scores

Rapid Rundown Links

Bleeping Computer story: PyPI mandates 2FA for critical projects, developer pushes back

Twitter thread on deleting atomicwrites, and undeleting it

PyPI issues mentioned

https://github.com/pypi/warehouse/issues/11625

https://github.com/pypi/warehouse/issues/11805

https://github.com/pypi/warehouse/issues/11798

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor.