Episode 286 - Open source supply chain with Google's Dan Lorenc
Open Source Security30 Elo 2021

Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new thing scan we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(528)

Episode 206 - Confidential Virtual Machines; The future of cloud computing

Episode 206 - Confidential Virtual Machines; The future of cloud computing

Josh and Kurt talk about Google's new confidential VMs. The AMD Secure Encrypted Virtualization is the technology that makes it all possible. What is SEV, how does it work, and why should you care? Th...

20 Heinä 202031min

Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk

Episode 205 - The State of Open Source Security with Alyssa Miller from Snyk

Josh and Kurt talk to Alyssa Miller from Snyk about the State of Open Source Security 2020 report. Alyssa was the report author and has some great insight into the current trends we're seeing in open ...

13 Heinä 202031min

Episode 204 - What Would Apple Do?

Episode 204 - What Would Apple Do?

Josh and Kurt talk about some recent security actions Apple has taken. Not all are good, but in general Apple is doing things to benefit their customers (their customers are not advertisers). We also ...

6 Heinä 202032min

Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit

Episode 203 - Humans, conferences, and security: let me think and get back to you in a bit

Josh and Kurt talk about human behavior. The conversation makes its way to conferences and the perpetual question of if a conference is useful or not. We come to the agreement the big shows aren't wha...

29 Kesä 202032min

Episode 202 - The convergence of application security

Episode 202 - The convergence of application security

Josh and Kurt talk about the security of applications. We talk about the security of infrastructure all the time, but what happens when we combine infrastructure into an application or solution? Sho...

22 Kesä 202029min

Episode 201 - We broke CVSSv3, now how do we fix it?

Episode 201 - We broke CVSSv3, now how do we fix it?

Josh and Kurt talk about CVSSv3 and how it's broken. We started with a blog post to explain why the NVD CVSS scores are so wrong, and we ended up researching CVSSv3 and found out it's far more broken ...

15 Kesä 202031min

Episode 200 - Talking Container Security with Liz Rice

Episode 200 - Talking Container Security with Liz Rice

Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What w...

8 Kesä 202028min

Episode 199 - Special cases are special: DNS, Websockets, and CSV

Episode 199 - Special cases are special: DNS, Websockets, and CSV

Josh and Kurt talk about a grab bag of topics. A DNS security flaw, port scanning your machine from a web browser, and CSV files running arbitrary code. All of these things end up being the result of ...

1 Kesä 202029min