Episode 286 - Open source supply chain with Google's Dan Lorenc
Open Source Security30 Aug 2021

Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new thing scan we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(527)

Episode 446 - Researchers took over .MOBI TLD

Episode 446 - Researchers took over .MOBI TLD

Josh and Kurt talk about some security researchers sort of taking over the .MOBI whois server. The story is a bit sensational, but we ask if it really matters? There are a lot of interesting possible ...

16 Sep 202433min

Episode 445 - EPSS with Jay Jacobs

Episode 445 - EPSS with Jay Jacobs

Josh and Kurt talk to Jay Jacobs about Exploit Prediction Scoring System (EPSS). EPSS is a new way to view vulnerabilities. It's a metric for the likelyhood that a vulnerability will be exploited in t...

9 Sep 202441min

Episode 444 - Open Source and End of Life

Episode 444 - Open Source and End of Life

Josh and Kurt talk about Chrome unexpectedly going EOL on Ubuntu 18. Keeping old things alive is really hard to do, and in open source it's becoming more common to just run the latest version rather t...

2 Sep 202437min

Episode 443 - The Supply Chain Security Crisis

Episode 443 - The Supply Chain Security Crisis

Josh and Kurt talk about a story that discusses a story from Black Hat that references supply chains. There's a ton of doom and gloom around our software supply chains and much of the advice isn't rea...

26 Aug 202434min

Episode 442 - The foundation of society, TLS certificates are a mess

Episode 442 - The foundation of society, TLS certificates are a mess

Josh and Kurt talk about a few stories around the TLS CA certificate world. It's all pretty dire sounding. There's not a lot of organization or process in the space, and the root CAs are literally the...

19 Aug 202440min

Episode 441 - Is CWE useful?

Episode 441 - Is CWE useful?

Josh and Kurt talk about CWE. What is it, and why does it matter. We cover some history, some shortcomings, and some ideas on how CWE could be used to make security a lot better. We frame the future d...

12 Aug 202433min

Episode 440 - "What is open source" talk Josh gave

Episode 440 - "What is open source" talk Josh gave

Josh and Kurt talk about a presentation Josh recently gave that was supposed to be about how open source works. The talk was the wrong topic for a security crowd, but there's a lot of interesting deta...

5 Aug 202434min

Episode 439 - Where are all the youth in open source?

Episode 439 - Where are all the youth in open source?

Josh and Kurt talk about a story talking about the "graying" of open source. There doesn't seem to be many young people working on open source, but we don't really know why that is. There are many tho...

29 Juli 202429min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
natets-morka-sida
bilar-med-sladd
rss-technokratin
bli-saker-podden
skogsforum-podcast
market-makers
gubbar-som-tjotar-om-bilar
rss-veckans-ai
rss-elektrikerpodden
rss-uppgang-och-fall
rss-powerboat-sverige-podcast
developers-mer-an-bara-kod
hej-bruksbil
rss-sakerhetspodcasten
rss-fabriken-2
rss-laddstationen-med-elbilen-i-sverige
rss-generativet
garagehang