Episode 286 - Open source supply chain with Google's Dan Lorenc
Open Source Security30 Elo 2021

Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new thing scan we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(527)

Embedded Security with Paul Asadoorian

Embedded Security with Paul Asadoorian

Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the o...

5 Touko 202534min

tj-actions with Endor Lab's Dimitri Stiliadis

tj-actions with Endor Lab's Dimitri Stiliadis

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stag...

28 Huhti 202532min

Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope

I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and st...

21 Huhti 202531min

CVE for EOL with Aaron Frost

CVE for EOL with Aaron Frost

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with k...

14 Huhti 202530min

cargo-semver-checks with Predrag Gruevski

cargo-semver-checks with Predrag Gruevski

Cargo Semver Checks is a Rust tool by Predrag Gruevski that is tackling the problem of broken dependencies that cost developers time when trying to upgrade dependencies. Predrag's work shows how autom...

7 Huhti 202533min

Distributed CI and Git with Lars Wirzenius

Distributed CI and Git with Lars Wirzenius

Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration...

31 Maalis 202527min

FIDO authentication with William Brown

FIDO authentication with William Brown

William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about WebAuthn implementation challenges to flaws in the FIDO metadata service that affect ...

24 Maalis 202529min

CRA with Luis Villa

CRA with Luis Villa

In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the comple...

17 Maalis 202525min