25/01/24 Open Session Summary

Cybersecurity Concerns and Election Integrity

The team discussed the potential implications of the current administration's actions on cybersecurity and election integrity. Kyle brought up the topic of the President's efforts to dismantle Siska, which could have significant impacts on national security and cybersecurity. Shawn and Neil agreed that the news was initially more alarming than necessary, and that it was too early to panic. They also discussed the potential effects on Cisa and Nvd, emphasizing the need to carefully monitor the situation. Jay added that the team is lucky to have someone tracking these developments, and that the situation is complex due to the involvement of other people behind the President's actions. The team agreed to continue monitoring the situation and to be prepared for any changes in the cybersecurity landscape.

New Members Join and Discuss Format

The meeting began with Shawn welcoming new members to the group and encouraging them to ask questions. New members introduced themselves, including Precious, a data analyst from Oklahoma City, and Aidan, a master's student at the University of Michigan. Shawn also mentioned that the group includes members from competitors Orca and Whiz, but they come together for the community. The conversation ended with Shawn describing the typical format of their sessions, which include open discussions and occasional presentations.

NYU Cyber Security Master's Program

Paul discussed his enrollment in a new course at NYU's Cyber Security master's program, focusing on global perspectives in technology. The course includes a required travel component to London and will study the geopolitical, societal, and historical differences between major countries and how they affect technology and cybersecurity. The group also discussed the potential for avoiding politics in cybersecurity, with Shawn and Matthew sharing their experiences of managing permissions and secrets in their work. Jay and Neil shared their experiences of dealing with political and legal issues in their roles, particularly in incident response and investigations. San and Brandon discussed the importance of understanding the unspoken rules in certain countries and the limitations of cyber insurance in conflict zones. The conversation ended with a topic change suggestion by Brandon.

Open Source Software in Cybersecurity

The team discussed the challenges and opportunities of open source software in the context of cybersecurity and insurance. Jay clarified that the insurance industry has become more selective in offering cyber insurance, vetting potential clients and their security programs before providing coverage. Brandon raised a question about policyholders in war zones, while Neil discussed the recent fork of Semgrep and its implications for open source software. The team also discussed the potential for monetizing open source software through services and products built on top of it, and the importance of learning tools through community editions. The conversation ended with Matt emphasizing the value of open source software in enabling people to learn and potentially use a tool in a professional setting.

Open Source Software Security Concerns

The group discusses open source software, its benefits and challenges. Neil shares that 10% of new CVEs in 2024 came from the Linux kernel and Wordpress plugins, highlighting security concerns. Josef cautions against companies offering both open source and paid versions due to potential conflicts of interest. The group debates the definition of open source and whether commercial use is allowed based on licensing. There is also discussion around providing free trial versions versus fully open source products, weighing costs versus risk. Towards the end, Shawn mentions two young girls who found security bugs in Google products and got paid through the bug bounty program, serving as an example of "advanced persistent teenagers." The group seems interested in having the girls present at a future meetup.

AI-generated content may be inaccurate or misleading. Always check for accuracy.