More The Secure Disclosure episodes
Published 16 Mar 2026
Duration: 00:33:36
The Curl project's evolution from a 1996 currency tool to a prominent open-source library highlights community-driven growth, open-source maintenance challenges, AI's impact on security reporting, sustainability issues, and tensions between innovation and unresolved technical risks.
Daniel Stenberg, creator of curl, explains how a small open source tool became core internet infrastructure. The conversation covers curls origin, mai...
The podcast explores the origins and evolution of the open-source tool Curl, which began as a personal project in 1996 by Daniel Stenberg to fetch currency rates for his IRC bot. Initially based on a minimal tool called HTTPGAT, it gradually expanded into a widely-used utility for handling URLs and HTTP requests. The development process was organic, driven by community contributions, user feedback, and iterative improvements over two decades. Despite its scalenow used in 30 billion applicationsthe project retained its core ethos of simplicity and collaborative refinement. However, the discussion also highlights challenges faced by open-source maintainers, including mental health strains from managing high-impact projects and navigating toxic interactions within the community.
A significant portion of the content revolves around modern challenges in open-source security, particularly the surge in AI-generated vulnerability reports. These reports, often detailed but invalid, overwhelm security teams, consuming time and resources while masking genuine issues. The decision to discontinue the Curl bug bounty program underscores tensions between external funding models and the need for quality control, as platforms like HackerOne struggle with low-validity submissions. Proposed solutionssuch as AI-based filtering, reputation systems, and credential requirementsface trade-offs between reducing spam and excluding new contributors. The dialogue also touches on the broader implications of AIs role in coding and security, noting both its productivity benefits and risks of deepening confusion or undermining foundational knowledge.
The narrative culminates in reflections on the evolving nature of open-source development and its sustainability. Maintainers grapple with balancing inclusivity and quality, ensuring newer contributors are not unfairly sidelined by rigid systems. Simultaneously, the rise of AI in technical fields raises philosophical questions about human adaptability, the erosion of deep technical understanding, and the resilience of the engineering community in confronting increasingly complex systems. The podcast ultimately portrays open source as a dynamic, human-driven endeavor shaped by both technical innovation and the persistent challenges of collaboration, ethics, and unforeseen consequences.
6 May 2026 AI Panic is Driving Shadow IT w/ Noora Ahmed-Moshe
AI's impact on employment and cybersecurity risks, driven by shadow AI, phishing, and emerging threats like prompt injection, require balancing workforce skills, security measures, and organizational trust.
29 Apr 2026 When AI Agents Change their Intent w/ Frank Vukovits
AI agents, autonomous non-human entities operating in enterprise systems without human oversight, pose security and governance challenges requiring updated access control frameworks, real-time monitoring, and intent-based governance to address risks like unauthorized access and shadow AI, paralleling historical tech challenges like Y2K.
22 Apr 2026 OWASP Top 10, Vibe Coding, and What Developers Miss w/ Tanya Janca
Gaps in cybersecurity education, persistent vulnerabilities like SQL injection, OWASP data limitations, evolving supply chain risks, high training costs, AI's contextual challenges, and the need for secure-by-design principles and collaboration highlight systemic challenges in addressing evolving cyber threats.
15 Apr 2026 The Future of Hacking is Agentic w/ Jason Haddix
Recommended: Security Testing will change, and might change quicker than this episode suggests. Keep Security Top of Mind during Development.
AI transforms security with automated penetration testing and threat detection, but requires human oversight to mitigate risks like prompt injection, ensure ethical use, and balance AI efficiency with creative problem-solving in an evolving threat landscape.
7 Apr 2026 Open Source Malware, Supply Chain Risk, and Contagious Interviews: w/ Paul McCarty and Jenn Gile
Cyberattacks exploit developers and non-technical roles via social engineering and malware, with inadequate detection systems, state-sponsored threats targeting open-source ecosystems, and proposed solutions like the Open Source Malware Initiative and registry reforms to enhance tracking, accountability, and threat intelligence sharing.