Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space, and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

This episode is taken from an open RSS feed and is not published by Podme. It may therefore contain advertisements.

Episodes (527)

Episode 334 - Leap seconds break everything

Josh and Kurt talk about leap seconds. Every time there's a leap second, things break. Facebook wants to get rid of them because they break computers, but Google found a clever way to keep leap second...

1 Aug 2022, 32 min

Episode 333 - Open Source is unfair

Josh and Kurt talk about Microsoft creating a policy of not allowing anyone to charge for open source in their app store. This policy was walked back quickly, but it raises some questions about how fa...

25 Jul 2022, 34 min

Episode 332 - PyPI: 2FA or not 2FA, that is the question

Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it's not when you start to think about it. What problems does 2FA solve? ...

18 Jul 2022, 39 min

Episode 331 - GPG, but nothing makes sense

Josh and Kurt talk about their very silly GPG key management from the past. This is sadly a very true story that details how both Kurt and Josh protected their GPG keys. Josh's setup is like something...

11 Jul 2022, 35 min

Episode 330 - The sliding scale of risk: seeing the forest for the trees

Josh and Kurt talk about the challenge of dealing with vulnerabilities at a large scale. We tend to treat every vulnerability equally when they are not equal at all. Some are trees we have to pay very...

4 Jul 2022, 38 min

Episode 329 - Signing (What is it good for)

Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems t...

27 Jun 2022, 30 min

Episode 328 - The Security of Jobs or Job Security

Josh and Kurt talk about the security of employees leaving jobs. Be it a voluntary departure or in the context of the current layoffs we see, what are the security implications of having to remove acc...

20 Jun 2022, 29 min

Episode 327 - The security of alert fatigue

Josh and Kurt talk about a funny GitHub reply that notified 400,000 people. It's fun to laugh at this, but it's an easy open to discussing alert fatigue and why it's important to be very mindful of ou...

13 Jun 2022, 34 min
