Episode 286 - Open source supply chain with Google's Dan Lorenc
Open Source Security30 Elo 2021

Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new thing scan we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(527)

Linux Vendor Firmware Service with Richard Hughes

Linux Vendor Firmware Service with Richard Hughes

Josh talks to Richard Hughes about the world of firmware. We cover how Richard's journey from developing the ColorHug led to the creation of the Linux Vendor Firmware Service (LVFS), changing how firm...

17 Marras 202535min

NPM supply chain attacks with Charlie Eriksen

NPM supply chain attacks with Charlie Eriksen

Josh chats with Charlie Eriksen, a security researcher at Aikido Security. We discuss the recent NPM supply chain attacks that affect hundreds of packages. Charlie shares his experiences dealing with ...

9 Marras 202534min

Detecting XZ in Debian with Otto Kekäläinen

Detecting XZ in Debian with Otto Kekäläinen

In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects. They discuss Otto'...

2 Marras 202531min

Eclipse Foundation SBOMs with Mikael Barbero

Eclipse Foundation SBOMs with Mikael Barbero

In this conversation, Josh speaks with Mikael Barbero, head of security at the Eclipse Foundation. They discuss the foundation's role in enhancing the security posture of open source projects, the imp...

20 Loka 202531min

Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers

I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and foun...

13 Loka 202531min

Sustaining Package Repositories with Brian Fox

Sustaining Package Repositories with Brian Fox

Brian Fox discusses the challenges and future of open source package repository infrastructure. We discuss the complexities of managing public registries, the impact of overconsumption, and the import...

6 Loka 202542min

Arch Linux Security with Foxboron and Anthraxx

Arch Linux Security with Foxboron and Anthraxx

Join us for a conversation with Foxboron (Morten Linderud) and Anthraxx (Levente Polyak), members of the Arch Linux security team. We talk about the difficulties of maintaining a Linux distribution, t...

29 Syys 202538min

OpenSSL with Hana Andersen and Anton Arapov

OpenSSL with Hana Andersen and Anton Arapov

I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of pos...

22 Syys 202528min