Episode 286 - Open source supply chain with Google's Dan Lorenc

Josh and Kurt talk to Dan Lorenc from Google about supply chain security. What's currently going on in this space and what sort of new things can we look forward to? We discuss Google's open source use, Project Sigstore, the SLSA framework and more.

Episodes (528)

Episode 215 - Real security is boring

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many la...

14 Sep 2020, 30 min

Episode 213 - Security Signals: What are you telling the world

Josh and Kurt talk about how your actions can tell the world if you actually take security seriously. We frame the discussion in the context of Slack paying a very low bug bounty and discover some way...

7 Sep 2020, 32 min

Episode 212 - Grab Bag: The Security We Deserve Edition

Josh and Kurt talk about Chromium sending traffic to root DNS servers. Telemetry watching what we do. Cryptocurrency scams and a few other random topics. Also pandas. Show Notes Blanket rack Chromium...

31 Aug 2020, 29 min

Episode 211 - The only thing harder than signing files is managing users

Josh and Kurt talk about the Microsoft 2 year old signature bug and Github no longer processing MFA resets for free users. Signing things is hard, but trying to manage users and infrastructure at scal...

24 Aug 2020, 29 min

Episode 210 - Cult of Information Security

Josh and Kurt talk about the current state of information security. There are aspects that resemble a cult more than we would like. It's not all bad though, there are some things we can do to help mov...

17 Aug 2020, 28 min

Episode 209 - Secure Boot isn't Secure

Josh and Kurt talk about Secure Boot. The conversation uses the recent "Boot Hole" vulnerability to frame a conversation about what Secure Boot is and isn't. Why the Boot Hole flaw doesn't really matt...

10 Aug 2020, 33 min

Episode 208 - Passwords are pollution

Josh and Kurt talk about some of the necessary evils of security. There are challenges we face like passwords and resource management. Sometimes the problem is old ideas, sometimes it's we don't have ...

3 Aug 2020, 32 min

Episode 207 - Weaponized attention

Josh and Kurt start this one by explaining how the Twitter hacker was just a dumb criminal (most criminals are dumb). We then discuss the new GPT-3 AI that can create text. How we create, and how soci...

27 Jul 2020, 33 min
