Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

This episode has been added to Podme via an open RSS feed and is not Podme's own production. The episode may therefore contain advertising.

Episodes (527)

Episode 366 - Software liability is coming

Josh and Kurt talk about the number of dependencies that is now normal. Keeping track of thousands of dependencies used to be impressive; now it's normal. In what instances should we know everything a...

13 March 2023, 34 min

Episode 365 - "I am not your supplier" with Thomas Depierre

Josh and Kurt talk to Thomas Depierre about his "I am not a supplier" blog post. We drink from the firehose on this one. Thomas describes the realities and challenges of being an open source maintaine...

6 March 2023, 52 min

Episode 364 - Using SBOMs is hard

Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell us...

27 February 2023, 36 min

Episode 363 - Joylynn Kirui from Microsoft on DevSecOps

Josh and Kurt talk to Joylynn Kirui about DevSecOps in the Microsoft universe. Joylynn gives us an overview of the current state of devops and tells us about some of the tools Microsoft has made avail...

20 February 2023, 31 min

Episode 362 - A lesson in Rust from Carol Nichols

Josh and Kurt talk to Carol Nichols about Rust. Carol is an authority on Rust and helps us understand how Rust works, why it's different. Why Rust doesn't have the same problems C and C++ have, and wh...

13 February 2023, 41 min

Episode 361 - GitHub got pwnt, but it wasn't very exciting

Josh and Kurt talk about the recent GitHub breach. It wasn't terribly exciting, but there are some interesting conversations to have around securing certificates, source code, and hardware security mo...

6 February 2023, 33 min

Episode 360 - Memory safety and the NSA

Josh and Kurt talk about the NSA guidance on using memory safety issues. The TL;DR is to stop using C. We discuss why C has so many problems, why we can't fix C, and what some alternatives look like. ...

30 January 2023, 34 min

Episode 359 - The NOTAM outage and other legacy technology

Josh and Kurt talk about the recent FAA NOTAM outage. Keeping legacy things running for long periods of time is really hard to do, and this system is no different. It's also really hard to upgrade many of...

23 January 2023, 34 min