Episode 286 - Open source supply chain with Google's Dan Lorenc
Open Source Security30 Aug 2021

Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new thing scan we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(527)

Embedded Security with Paul Asadoorian

Embedded Security with Paul Asadoorian

Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the o...

5 Mai 202534min

tj-actions with Endor Lab's Dimitri Stiliadis

tj-actions with Endor Lab's Dimitri Stiliadis

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stag...

28 Apr 202532min

Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope

I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and st...

21 Apr 202531min

CVE for EOL with Aaron Frost

CVE for EOL with Aaron Frost

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with k...

14 Apr 202530min

cargo-semver-checks with Predrag Gruevski

cargo-semver-checks with Predrag Gruevski

Cargo Semver Checks is a Rust tool by Predrag Gruevski that is tackling the problem of broken dependencies that cost developers time when trying to upgrade dependencies. Predrag's work shows how autom...

7 Apr 202533min

Distributed CI and Git with Lars Wirzenius

Distributed CI and Git with Lars Wirzenius

Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration...

31 Mar 202527min

FIDO authentication with William Brown

FIDO authentication with William Brown

William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about WebAuthn implementation challenges to flaws in the FIDO metadata service that affect ...

24 Mar 202529min

CRA with Luis Villa

CRA with Luis Villa

In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the comple...

17 Mar 202525min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
rss-impressions-2
nasjonal-sikkerhetsmyndighet-nsm
rss-heis
fornybaren
elektropodden
rss-ai-forklart
smart-forklart
shifter
hans-petter-og-co
teknologi-og-mennesker
pedagogisk-intelligens
rss-alt-vi-kan
rss-kvantespranget
rss-ki-praten
rss-grenser-for-ki