Jonathan Leitschuh – Medium

Jonathan Leitschuh

he/him

Pinned

Published in

Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability

The supply chain bug that couldn’t be ignored — so I torched it.

Jul 2

Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability

Jul 2

Pinned

Published in

When Open Source Isn’t: How OpenRewrite Lost Its Way

Moderne quietly relicensed community-contributed OpenRewrite code from Apache 2.0 to a proprietary license.

May 14

When Open Source Isn’t: How OpenRewrite Lost Its Way

May 14

Pinned

Published in

5 Years, 160 Comments, and the Vulnerability That Refused to Die

How a 5-year-old deserialization flaw, a vacation phone call, and some persistence led to a safer Java ecosystem

Jun 6

5 Years, 160 Comments, and the Vulnerability That Refused to Die

Jun 6

Pinned

Published in

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…

Jul 8, 2019

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

Jul 8, 2019

Published in

The CVE CNA 72 Hour Rules are Insane

The bureaucracy of the CVE system continues to frustrate me. Next up: the publicly disclosed vulnerability 72 hour rule!

Sep 15

The CVE CNA 72 Hour Rules are Insane

Sep 15

Published in

What’s an OSS Vulnerability Janitor?

What does it take to sweep up after the industries security vulnerabilities that have been left unpatched or undisclosed?

Jul 31

What’s an OSS Vulnerability Janitor?

Jul 31

Falsehoods People Believe about CVE’s

CVE ≠ Vulnerability (And 35 Other Confusions Regarding CVE)

Apr 14

Falsehoods People Believe about CVE’s

Apr 14

You may want to be careful with your choice of `wkhtmltopdf`.

https://wkhtmltopdf.org/status.html

Jul 8, 2024

Jul 8, 2024

Published in

Update: Want to take over the Java ecosystem? All you need is a MITM!

January 13th-15th, 2020 will break over 21% of the industry’s Java build infrastructure. Six months since my initial article disclosing…

Jan 8, 2020

Update: Want to take over the Java ecosystem? All you need is a MITM!

Jan 8, 2020

Need MDNS? Just Install iTunes

Over 6 years ago I was working on a small project called WPILib. WPILib is a library used by High School FIRST Robotics teams to program…

Oct 9, 2019

Need MDNS? Just Install iTunes

Oct 9, 2019

Jonathan Leitschuh

Jonathan Leitschuh

he/him

Vulnerability Janitor, Security Researcher, Software Engineer, Public Speaker, Open Source Contributor

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech