Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.

Episodes (527)

Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift

Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The ...

11 Nov 2024, 43 min

Episode 453 - Software Liability

Josh and Kurt talk about three government activities happening around security. CISA has a request for comment, and an international strategic plan around cybersecurity. These are both good ideas, and...

4 Nov 2024, 36 min

Episode 452 - All about Meshtastic

Josh and Kurt talk about the Meshtastic open source project. It's a really slick mesh radio system that runs on very cheap radio equipment. This episode isn't very security related (there are a few th...

28 Oct 2024, 39 min

Episode 451 - Python security with Seth Larson

Josh and Kurt talk to Seth Larson from the Python Software Foundation about security in the Python ecosystem. Seth is an employee of the PSF and is doing some amazing work. Seth is showing what can be ac...

21 Oct 2024, 36 min

Episode 450 - What's Wrong With WordPress

Josh and Kurt talk about the current WordPress / WP Engine mess. In what is certainly a supply chain attack, the Advanced Custom Fields forking. This whole saga is weird and filled with chaos and stup...

14 Oct 2024, 39 min

Episode 449 - The CUPSpocalypse

Josh and Kurt talk about the recent CUPS issue. The vulnerability itself wasn't all that exciting, but the whole disclosure process was wild. There's a lot to talk about, many things didn't quite go a...

7 Oct 2024, 38 min

Episode 448 - What's wrong with CISA?

Josh and Kurt talk about a few things that have recently come out of CISA. They seem to be blaming the vendors for a lot of the problems, but there's also not any actionable advice telling the vendors...

30 Sep 2024, 34 min

Episode 447 - The Tidelift 2024 open source maintainer report

Josh and Kurt talk about the 2024 Tidelift maintainer report. The report is pretty big and covers a ton of ground. We focus in on a few of the statistics that should worry anyone who uses open source. We...

23 Sep 2024, 38 min
