Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space, and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

This episode was added to Podme through an open RSS feed and is not Podme's own production. It may therefore contain advertising.

Episodes (527)

Open Source Malware with Brian Fox

Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware pa...

10 March 2025, 30 min

Open Source Foundations with Kelley Misata of Suricata

In this episode, Open Source Security talks to Dr. Kelley Misata about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. There...

3 March 2025, 31 min

Forking Open Source Projects with Sheogorath

In this episode, Open Source Security chats with Sheogorath about the HedgeDoc project's journey from HackMD to CodiMD and finally to HedgeDoc. We learn what forking a project looks like, including license...

24 February 2025, 22 min

Patching EOL Open Source with Aaron Frost

In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs, about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and ...

17 February 2025, 22 min

Why do we keep ignoring CI security with François Proulx

François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represent a critical and overlooked hole in our supply cha...

10 February 2025, 23 min

Modern day authentication with Marc Boorshtein

In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about...

3 February 2025, 26 min

Open Source Maintenance with Gary Kramlich

In this episode, Gary Kramlich, the lead developer of Pidgin, discusses the challenges and strategies of maintaining a 26-year-old open source messaging client. Gary tells us all about how a small team m...

20 January 2025, 27 min

Safety vs Security with Thomas Depierre

In this episode of Open Source Security, Josh welcomes Thomas Depierre, a Site Reliability Engineer and open source maintainer, to discuss the intersection of safety and security. Thomas explains why ...

13 January 2025, 21 min