Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space, and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Show Notes

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.

Episodes (527)

Episode 334 - Leap seconds break everything

Josh and Kurt talk about leap seconds. Every time there's a leap second, things break. Facebook wants to get rid of them because they break computers, but Google found a clever way to keep leap second...

1 Aug 2022, 32 min

Episode 333 - Open Source is unfair

Josh and Kurt talk about Microsoft creating a policy of not allowing anyone to charge for open source in their app store. This policy was walked back quickly, but it raises some questions about how fa...

25 July 2022, 34 min

Episode 332 - PyPI: 2FA or not 2FA, that is the question

Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it's not when you start to think about it. What problems does 2FA solve? ...

18 July 2022, 39 min

Episode 331 - GPG, but nothing makes sense

Josh and Kurt talk about their very silly GPG key management from the past. This is sadly a very true story that details how both Kurt and Josh protected their GPG keys. Josh's setup is like something...

11 July 2022, 35 min

Episode 330 - The sliding scale of risk: seeing the forest for the trees

Josh and Kurt talk about the challenge of dealing with vulnerabilities at a large scale. We tend to treat every vulnerability equally when they are not equal at all. Some are trees we have to pay very...

4 July 2022, 38 min

Episode 329 - Signing (What is it good for)

Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems t...

27 June 2022, 30 min

Episode 328 - The Security of Jobs or Job Security

Josh and Kurt talk about the security of employees leaving jobs. Be it a voluntary departure or in the context of the current layoffs we see, what are the security implications of having to remove acc...

20 June 2022, 29 min

Episode 327 - The security of alert fatigue

Josh and Kurt talk about a funny GitHub reply that notified 400,000 people. It's fun to laugh at this, but it's an easy open to discussing alert fatigue and why it's important to be very mindful of ou...

13 June 2022, 34 min
