Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.

Episodes (527)

Episode 430 - Frozen kernel security

Josh and Kurt talk about a blog post about frozen kernels being more secure. We cover some of the history and how a frozen kernel works and discuss why they would be less secure. A frozen kernel is fr...

27 May 2024, 34 min

Episode 429 - The autonomy of open source developers

Josh and Kurt talk about open source and autonomy. This is even related to some recent return to office news. The conversation weaves between a few threads, but fundamentally there's some questions ab...

20 May 2024, 32 min

Episode 428 - GitHub artifact attestation

Josh and Kurt talk about a new way to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. This is how we start. We need infrastructure like this...

13 May 2024, 37 min

Episode 427 - Will run0 replace sudo?

Josh and Kurt talk about a sudo replacement going into systemd called run0. It sounds like it'll get a lot right, but systemd is a pretty big attack surface and not everyone is a fan. We shall have to...

6 May 2024, 30 min

Episode 426 - Automatically exploiting CVEs with AI

Josh and Kurt talk about a paper describing using an LLM to automatically create exploits for CVEs. The idea is probably already happening in many spaces such as pen testing and intelligence services. ...

29 Apr 2024, 37 min

Episode 425 - Video game cheaters, also pretendo

Josh and Kurt talk about a database of game cheaters. Cheating in games has many similarities to security problems. Anti cheat rootkits are also terrible. The clever thing however is using statistics ...

22 Apr 2024, 30 min

Episode 424 - The Notepad++ Parasite Website

Josh and Kurt talk about a Notepad++ fake website. It's possibly not illegal, but it's certainly ethically wrong. We also end up discussing why it seems like all these weird and wild things keep happe...

15 Apr 2024, 35 min

Episode 423 - FCC cybersecurity label for consumer devices

Josh and Kurt talk about a new FCC program to provide a cybersecurity certification mark. Similar to other consumer safety marks such as UL or CE. We also tie this conversation into GrapheneOS, and wh...

8 Apr 2024, 32 min
