
How the CopyFail disclosure went sideways
From Risky Business Features by Risky Business Media
May 21, 2026 · 19 min
About this episode
The episode discusses the issues surrounding the premature public disclosure of the CopyFail exploit and its implications for open source software.
In this episode, Theori’s Brian Pak and Andrew Wesie join James Wilson to discuss why the CopyFail exploit was publicly disclosed before Linux distributions had their patches ready. As you’ll hear in this episode, mistakes were made and lessons learned. It’s worth a podcast, too, because in our opinion this incident foreshadows the inevitable problems that open source software will face in the unfolding vulnpocalypse.
People in this episode
Host: James Wilson
Guests: Brian Pak, Andrew Wesie
Topics covered
- CopyFail exploit
- public disclosure
- Linux patches
- open source software
- security vulnerabilities
- lessons learned
Keywords
- CopyFail
- exploit
- Linux
- public disclosure
- open source
- security
- vulnerabilities
- patches
- lessons learned
Mentioned in this episode
Organizations: Theori, Linux
More episodes of Risky Business Features
- Why NPM v12 won’t stop supply chain attacks · June 12, 2026 · 39 min
- Everything is getting much worse, much faster · June 5, 2026 · 23 min
- Solo podcast: A deep dive on TeamPCP · June 2, 2026 · 1h 4m
- How to survive supply chain attacks · May 25, 2026 · 37 min
- NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" · May 18, 2026 · 29 min
- What a great agentic AI deployment plan looks like · May 12, 2026 · 40 min
Explore listener stats, chart rankings, contacts and more on the Risky Business Features podcast page.