BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Player FM - Internet Radio Done Right
Checked 6d ago
Đã thêm cách đây một năm
Nội dung được cung cấp bởi OpenSSF. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được OpenSSF hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Tương tự như What's in the SOSS? An OpenSSF Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
Daily Deals
Podcast đáng để nghe
TÀI TRỢ BỞI
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/action-academy-replace-the-job-you-hate-with-a-life-you-love">Action Academy | Replace The Job You Hate With A Life You Love</a></span>
Ready to replace your 6-figure salary with real freedom? This is the podcast for high earners who feel stuck in jobs they’ve outgrown. If you’re asking, “How do I actually replace $10K–$20K/month so I can quit and never look back?” — welcome home. At Action Academy, we teach you how to buy small businesses and commercial real estate to create cash flow that actually replaces your job. Monday through Friday, you’ll learn from 7–9 figure entrepreneurs, real estate moguls, and acquisition pros who’ve done it — and show you how to do it too. Hosted by Brian Luebben (@brianluebben), who quit his 6-figure sales role in 2022 to build a global business while traveling the world. If you're a high-income earner ready to become a high-impact entrepreneur, this show is your playbook. Subscribe now and start your path to freedom — or keep pretending your job will get better someday....
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security
Manage episode 452000935 series 3564832
Nội dung được cung cấp bởi OpenSSF. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được OpenSSF hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”
- 00:48 - Jack and Zach share their backgrounds
- 02:59 - What package repositories are and why they’re important to open source users
- 04:17 - The positive impact package security has on downstream users
- 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document
- 11:18 - Future endeavors of the Securing Software Repositories Working Group
- 17:32 - Jack and Zach answer CRob’s rapid-fire questions
- 19:31 - Advice for those entering the industry
- 21:28 - Jack and Zach share their calls to action
Episode links:
29 tập
Chia sẻ
Manage episode 452000935 series 3564832
Nội dung được cung cấp bởi OpenSSF. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được OpenSSF hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”
- 00:48 - Jack and Zach share their backgrounds
- 02:59 - What package repositories are and why they’re important to open source users
- 04:17 - The positive impact package security has on downstream users
- 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document
- 11:18 - Future endeavors of the Securing Software Repositories Working Group
- 17:32 - Jack and Zach answer CRob’s rapid-fire questions
- 19:31 - Advice for those entering the industry
- 21:28 - Jack and Zach share their calls to action
Episode links:
29 tập
모든 에피소드
×
1 Secure Software Starts with Awareness: Education & Open Source with the Council of Daves 24:46
24:46 
Nghe Sau 
Nghe Sau 
Danh sách 
Thích 
Đã thích24:46
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape. Whether you're a developer, manager, or just open source curious, this is your crash course in why security training matters more than ever. 📚 Episode Chapters: Intro & Meet the Council of Daves (0:16) Open Source Origin Stories (1:22) The Role of the Education SIG (4:05) Why Secure Software Education Is Critical (6:30) Inside the LFD121 Secure Development Course (8:01) Training Managers on Secure SDLC Practices (12:24) Why AI Makes Education More Important, Not Less (13:53) What’s Next in Security Education: CRA 101 and More (16:04) Rapid Fire Round: VI vs. EMACS, Tabs or Spaces & Mascots (20:20) Final Thoughts & Call to Action (22:04) Episode links: Dave Russo LinkedIn David Wheeler LinkedIn OpenSSF Free Training : LFD121: Developing Secure Software LFD125: Security for Software Development Managers LFEL1001: Understanding the EU Cyber Resilience Act (CRA) Get involved with the OpenSSF Subscribe to the OpenSSF Newsletter Follow the OpenSSF on LinkedIn…
1 Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF 11:25
11:25 Nghe Sau Nghe Sau Danh sách Thích Đã thích11:25
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation. 00:21 Welcome & Introductions 00:57 Steve’s Tech Journey 03:13 Why OpenSSF? 05:02 The Role of Security & Strategic Vision 08:17 Rapid Fire & Final Thoughts…
1 JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale 17:49
17:49 Nghe Sau Nghe Sau Danh sách Thích Đã thích17:49
Nghe Sau Nghe Sau Danh sách Thích Đã thíchRobin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem. Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/…
1 Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding 17:18
17:18 Nghe Sau Nghe Sau Danh sách Thích Đã thích17:18
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth. Episode Highlights: 00:18 – Introduction to Yesenia Yser 00:55 – Yesenia's open source origin story 03:30 – From cybersecurity professional to jiu-jitsu practitioner 05:56 – Building a personal brand in tech and beyond 09:04 – Advocating diversity in tech through the BEAR group 12:40 – Fun rapid-fire round (VI or Emacs, Coke or Pepsi, favorite open source mascot, spicy vs. mild food, and more) 13:52 – Yesenia joins as new co-host of "What's in the SOSS?" 15:39 – Advice for breaking into open source and cybersecurity Connect with Yesenia: Yesenia Yser on LinkedIn The Lioness Instincts Get Involved with the OpenSSF: Subscribe to the OpenSSF newsletter Join the OpenSSF an upcoming Community Day Watch BEAR Community Office Hours on YouTube…
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the exciting initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry. Chapters: 03:29 Key Lessons from Open Source Security in 2024 08:29 MVSR: Mission, Vision, Strategy, and Roadmap 13:41 Importance of Strategy and Roadmap in OpenSSF 17:48 Roadmap Items for Community Collaboration 20:02 Key Resources and Courses for Developers 22:09 Exciting Opportunities Ahead for 2025 Episode links: Arun’s Linkedin Zach’s Linedkin 2024 Annual Report Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain 21:06
21:06 Nghe Sau Nghe Sau Danh sách Thích Đã thích21:06
Nghe Sau Nghe Sau Danh sách Thích Đã thíchCRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security. 01:56 - Michael explains how he got into open source 04:10 - The challenges of being a startup within the open source ecosystem 05:38 - Michael digs into his participation with SLSA and GUAC 09:13 - How maintainers can address SBOMs with GUAC 10:56 - Michael’s predictions for supply chain security and dependency management 14:26 - Michael answers CRob’s rapid-fire questions 15:32 - Advice for those entering the cybersecurity or open source development spaces 17:50 - Michael’s call to action Links: Michael Liberman on LinkedIn Kusari homepage GUAC homepage on OpenSSF SLSA homepage on OpenSSF Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects 16:47
16:47 Nghe Sau Nghe Sau Danh sách Thích Đã thích16:47
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code. 01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency 03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives 04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest 06:51 - Sovereign Tech Agency success stories 09:09 Plans for the Sovereign Tech Agency in 2025 11:54 – Tara answers CRob’s rapid-fire questions 13:54 - Advice to those entering open source development or security field 14:55 - Tara’s call to action for listeners Episode links: Tara Tarayikee on Linkedin Sovereign Tech Agency homepage Apply for Sovereign Tech Fund investment Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security 27:15
27:15 Nghe Sau Nghe Sau Danh sách Thích Đã thích27:15
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shares his origin story into open source 02:09 - How Alpha-Omega came to be 03:48 Alpha-Omega’s mission is catalyzing sustainable security improvements 05:16 - The four types of investments Alpha-Omega makes to catalyze change 11:33 - Michael expands on his “clean the beach” approach to impacting open source security 16:41 - The 3F framework helps manage upstream dependencies effectively 21:13 - Michael answers CRob’s rapid-fire questions 23:06 - Michael’s advice to aspiring development and cybersecurity professionals 24:44 - Michael’s call to action for listeners Links Michael Winser on LinkedIn Alpha-Omega homepage OpenSSF on LinkedIn Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…
1 Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security 23:44
23:44 Nghe Sau Nghe Sau Danh sách Thích Đã thích23:44
Nghe Sau Nghe Sau Danh sách Thích Đã thíchCRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.” 00:48 - Jack and Zach share their backgrounds 02:59 - What package repositories are and why they’re important to open source users 04:17 - The positive impact package security has on downstream users 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document 11:18 - Future endeavors of the Securing Software Repositories Working Group 17:32 - Jack and Zach answer CRob’s rapid-fire questions 19:31 - Advice for those entering the industry 21:28 - Jack and Zach share their calls to action Episode links: Zach Steindler on LinkedIn Jack Cable on LinkedIn OpenSSF on LinkedIn Securing Package Repositories Working Group Principles for Package Repository Security document Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…
1 Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents 16:58
16:58 Nghe Sau Nghe Sau Danh sách Thích Đã thích16:58
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 - Rodrigo shares his entry into open source 02:42 - Diving into the specifics of a high-profile incident 06:22 - How security researchers coordinate a response to a high-profile incident 10:33 - The benefits of a vulnerability disclosure program 11:57 - Rodgiro answers CRob's rapid-fire questions 13:43 - Advice for anyone getting into the industry 14:26 - Rodrigo's call to action for listeners 15:53 - The importance of the security community working together Episode links: Rodrigo Freire on LinkedIn Rodrigo's blog on Red Hat's response to the XZ incident discovery Get involved with the OpenSSF community…
1 Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer” 16:58
16:58 Nghe Sau Nghe Sau Danh sách Thích Đã thích16:58
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her start in security 05:41 Interesting things Stephanie has discovered since becoming more directly involved with open source 08:20 The challenge of instilling trust into those who consume open source 12:42 Stephanie answers CRob’s rapid-fire questions 14:07 Stephanie’s advice to those getting into cybersecurity 15:43 Stephanie’s call to action for listeners Episode links: Stephanie Domas on LinkedIn Canonical homepage White House’s M-22-18 memorandum CISA RSAA Secure Software Development Attestation Form NIST Secure Software Development Framework (SSDF) SP 800-218 Get involved with the OpenSSF community…
1 Intel’s Katherine Druckman and the Impact of Developer Relations 14:23
14:23 Nghe Sau Nghe Sau Danh sách Thích Đã thích14:23
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcaster. She’s currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality 2.0 podcasts. She spent over a decade at Linux Journal. A passionate Drupalist since she first downloaded a tarball in 2005, she has also been a Drupal contributor and engineer. Additionally, Katherine will be a featured speaker at SOSS Fusion/24 in Atlanta on Oct. 22-23. SOSS Fusion/24 is a collaborative and forward-thinking initiative dedicated to securing open source software. This event will bring together a diverse community of professionals from the public sector, software developers, security engineers to cybersecurity experts, CISOs, CIOs, Founders and tech pioneers. Katherine will be an active participant at SOSS Fusion/24 and will share her insight at the following presentations: Roundtable: Building Developer Confidence in Software Security with the DevRel Community, with Lori Lorusso, Percona; Tabatha DiDomenico, G-Research. Oct 22, 11:30 a.m. Keynote: Fireside Chat with Window Snyder, Founder & CEO, Thistle Technologies, Oct. 23, 9:30 a.m. Keynote: Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software, Oct. 23, 9:55 a.m. Check out the full schedule for SOSS Fusion/24. 01:42 - Katherine shares her non-traditional journey into open source 03:30 - DevRel’s definition varies, depending on the organization 06:11 - Tips for making connections with developers 08:23 - How DevRel professionals can help integrate security practices and tooling into everyday maintainer activities 09:38 - Katherine answers CRob’s rapid-fire questions 11:05 - Katherine’s belief that all knowledge can be relevant — even if it’s outside of your field 12:23 - Developers and security folks should be working together Episode links: Katherine Druckman on LinkedIn OpenSSF DevRel Community Open at Intel podcast SOSS Fusion/24 Get involved with the OpenSSF community…
1 Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level 16:24
16:24 Nghe Sau Nghe Sau Danh sách Thích Đã thích16:24
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S. Air Force. Dr. Lisa Bradley is a distinguished cybersecurity expert and visionary leader. She has earned her reputation as a trailblazer in the field of security and vulnerability management. In her current role, she oversees Dell's Product Security Incident Response Team (PSIRT), Bug Bounty Program, SBOM initiative, Dependency Management, and Security Champion and Training Programs. 02:38 How Dell is managing its ingestion and productization of open source software 04:54 The complex task of managing open source software for a company the size of Dell 06:34 The importance of executive support when implementing security initiatives 10:40 Lisa and Sarah answer CRob’s rapid-fire questions 12:40 Lisa and Sarah’s advice to aspiring developers and security professionals 14:12 Lisa and Sarah’s call to action Episode links: Lisa Bradley on LinkedIn Sarah Evans on LinkedIn Get involved in the OpenSSF community…
In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the tactics he used to engage different stakeholders. Omkhar shares his open source origin story 02:14 - Things Omkhar is proud of during his tenure at the OpenSSF 04:36 - The challenge of keeping myriad stakeholders engaged 07:12 - Areas of open source supply chains that public policymakers and regulators should better understand 09:44 - Some challenges ahead for the open source ecosystem 14:58 - Omkhar answers CRob’s rapid-fire questions 17:57 - Omkhar’s advice for people entering the open source community Links Omkhar Arasaratnam on LinkedIn Get involved with OpenSSF…
1 CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source 22:47
22:47 Nghe Sau Nghe Sau Danh sách Thích Đã thích22:47
Nghe Sau Nghe Sau Danh sách Thích Đã thíchOmkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and developers dedicated to enhancing the security of AI implementations. Additionally, Jay — along with Mihai — are leads on the OpenSSF AI/ML Security Working Group. In this conversation, they dig into CoSAI’s goals and the potential partnership with the OpenSSF. 00:57 - Guest introductions 01:56 - Dave and Jay offer insight into why CoSAI was necessary 05:16 - Jay and Mihai explain the complementary nature of OpenSSF's AI/ML Security Working Group and CoSAI 07:21 - Mihai digs into the importance of proving model provenance 08:50 - Dave shares his thoughts on future CoSAI/OpenSSF collaborations 11:13 - Jay, Dave and Mihai answer Omkhar’s rapid-fire questions 14:12 - The guests offer their advice to those entering the field today and their call to action for listeners Links David LaBianca on LinkedIn Mihai Maruseac on LinkedIn Jay White on LinkedIn CoSAI homepage OpenSSF AI/ML Security Working Group homepage Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…” 22:43
22:43 Nghe Sau Nghe Sau Danh sách Thích Đã thích22:43
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community. When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and nine kids. 01:21 Mike shares insight into transporting a family of 11 02:02 Mike’s day-to-day at GitHub 03:53 Advice on communicating supply chain risk 08:19 Transforming the “Department of No” into the “Department of Yes And…” 12:44 AI’s potential impact on secure open source software and, specifically, on software supply chains 18:02 Mike answers Omkhar’s rapid-fire questions 19:26 Advice Mike would give to aspiring security or software professionals 20:38 Mike’s call to action for listeners Links Mike Hanley on LinkedIn DARPA AI Cyber Challenge Get involved with the OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 CISA's Aeva Black and the Public Sector View of Open Source Security 12:13
12:13 Nghe Sau Nghe Sau Danh sách Thích Đã thích12:13
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy within the Microsoft Azure Office of the CTO, and served on the OpenSSF Technical Advisory Committee, the OpenStack Technical Committee, and the Kubernetes Code of Conduct Committee. In her spare time, Aeva enjoys riding motorcycles up and down the west coast. 01:37- Aeva describes a day in the life at CISA 02:38 - Details on the use of open source in the public sector 04:27 - Why open source needs corporate investment to maintain security 06:20 - Aeva shares what their second year at CISA looks like 07:58 - Aeva answers Omkhar’s rapid-fire questions 09:28 - Advice for people entering the world of security 10:16 - Certs are nice to have, but they aren’t everything 10:42 - Aeva’s call to action for listeners Episode links: Aeva Black on LinkedIn CISA Open Source Security Roadmap Get involved with the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Google’s Andrew Pollock and Addressing Open Source Vulnerabilities 12:16
12:16 Nghe Sau Nghe Sau Danh sách Thích Đã thích12:16
Nghe Sau Nghe Sau Danh sách Thích Đã thíchEpisode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation. 00:52 - Andrew shares his background as a “mid-90s data nerd” 02:31 - Managing vulnerabilities in the open source ecosystem 03:57 - How to navigate inconsistent metadata 06:26 - The challenge of source attribution 07:54 - The rapid-fire round 09:15 - Andrew’s advice to open source developers 10:22 - Andrew’s call to action to developers Episode links: Andrew Pollock on LinkedIn Getting to know the Open Source Vulnerability format OSV.dev Get involved in the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry 18:28
18:28 Nghe Sau Nghe Sau Danh sách Thích Đã thích18:28
Nghe Sau Nghe Sau Danh sách Thích Đã thíchBec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency and developing tools to improve digital participation. 02:57 Bec shares her day-to-day activities with the Rust Foundation 04:53 Bec on her sometimes tricky responsibilities during her time at the U.N. 06:35 How Bec communicates the importance of memory safety and Rust with stakeholders 09:47 Surprises related to organizations that are adopting Rust 11:50 Impediments to Rust adoption 13:44 Bec answers Omkhar’s rapid-fire questions 15:49 Advice Bec would give a non-technical person entering a technical field 17:09 Bec’s call to action for listeners Episode links: Bec Rumbul on LinkedIn Rust Foundation homepage Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities 22:24
22:24 Nghe Sau Nghe Sau Danh sách Thích Đã thích22:24
Nghe Sau Nghe Sau Danh sách Thích Đã thíchBrian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial role in creating popular plugins like the maven-dependency-plugin and maven-enforcer-plugin. His leadership includes overseeing Maven Central, the world's largest repository of open-source Java components, which recently surpassed a trillion downloads annually. As a Governing Board member for the Open Source Security Foundation, Brian actively contributes to advancing cybersecurity. Working with other industry leaders, he helped create The Open Source Consumption Manifesto, urging organizations to elevate their awareness of the Open Source Software (OSS) components they use. 00:57 Brian shares his background 03:56 The confusing trend of people downloading assets on Maven with known vulnerabilities 08:16 How this trend continues in other repos 11:08 Brian and CRob discuss Log4Shell 16:54 Brian answers CRob’s rapid-fire questions 18:46 Brian’s advice for up-and-coming security professionals 19:50 Brian’s call to action Episode links: Brian Fox on LinkedIn Sonatype’s 2023 State of the Software Supply Chain Report Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Arun Gupta and Giving Back to Security Communities 22:02
22:02 Nghe Sau Nghe Sau Danh sách Thích Đã thích22:02
Nghe Sau Nghe Sau Danh sách Thích Đã thíchArun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute, and collaborate effectively. On July 9th and 10th, the OpenSSF will attend the 2024 OSPOs for Good symposium hosted by the UN. What’s in the SOSS? co-host Omkhar Arasaratnam and Arun will lead a session called “Engaging the Open Source Community.” Following the symposium on July 11th, attendees are invited to come to a secondary event, What’s Next for Open Source? It will feature a collection of curated workshops to discover how to build and gather the skills you need to move forward with open source. Omkhar is coordinating the security track and presenting opening remarks. Arun will offer closing remarks. 02:13 - Arun’s general outlook on security and life 03:39 - Arun shares his personal background and illustrious career history 09:04 - Comparing the OpenSSF and the Cloud Native Computing Foundation (CNCF) 13:30 - Arun details his work with the United Nations 16:42 - Areas that a lot of security professionals are getting wrong 18:20 - Arun answers Omkhar’s rapid-fire questions 19:08 - Advice Arun would give to aspiring security professionals 20:40 - Arun’s call to action for listeners Episode links OSPOs for Good 2024 What’s Next for Open Source event Arun Gupta’s LinkedIn profile CNCF homepage United Nations Sustainable Development Goals Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX 18:11
18:11 Nghe Sau Nghe Sau Danh sách Thích Đã thích18:11
Nghe Sau Nghe Sau Danh sách Thích Đã thíchThe world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process. Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of several SBOM OSS tools. He’s passionate about writing software with friends, helping new contributors and amplifying the Latinx presence in the cloud-native community. 01:04 - Puerco shares his background 02:21 - What SBOMs are and why they’re so important 06:42 - An overview of standards in the SBOM space 09:58 - Puerco details his work on VEX projects 14:05 - Puerco enters the rapid-fire portion of the interview 15:06 - Advice Puerco would offer aspiring open source or security professionals 16:12 - Puerco’s call to action for listeners Links Adolfo García Veytia’s LinkedIn page…
W
What's in the SOSS? An OpenSSF Podcast
1 A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS? 20:03
20:03 Nghe Sau Nghe Sau Danh sách Thích Đã thích20:03
Nghe Sau Nghe Sau Danh sách Thích Đã thíchChristopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the financial, medical, legal, and manufacturing verticals. He also spent six years helping lead the Red Hat Product Security team as their Program Architect. 00:57 - CRob’s day-to-day activities and his affiliation with the OpenSSF 03:15 - The insight CRob will bring to the podcast as co-host 05:46 - What developers writing “post-bang” code should be considering 08:40 - Lessons open source could learn from corporate and vice versa 12:17 - CRob explores the evolution of open source 14:22 - Crob answers Omkhar’s rapid fire questions 15:57 - CRob’s advice to people entering the cybersecurity field 18:18 - CRob’s call to action for listeners: give back Episode links: CRob’s LinkedIn page More content with CRob…
W
What's in the SOSS? An OpenSSF Podcast
1 OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security 14:58
14:58 Nghe Sau Nghe Sau Danh sách Thích Đã thích14:58
Nghe Sau Nghe Sau Danh sách Thích Đã thíchMatt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain. 00:40 - Matt’s duties at OpenAI 01:52 - Matt’s accidental journey into cybersecurity 05:18 - The intersection of AI and open source 06:45 - Matt’s thoughts on how AI can help security professionals 08:53 - Details on the AI Cyber Challenge (AIxCC) 10:53 - Matt answers Omkhar’s rapid-fire questions 12:29 - Advice Matt would give to aspiring security professionals 13:00 - Matt’s call-to-cation for listeners Episode links: Matt Knight’s Linkedin page GNU Radio AIxCC Challenge OpenAI Cybersecurity Grant Program…
W
What's in the SOSS? An OpenSSF Podcast
1 Eric Brewer and the Future of Open Source Security 16:09
16:09 Nghe Sau Nghe Sau Danh sách Thích Đã thích16:09
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s. 01:15 - Eric discusses his background 03:14 - Improving security in a corporate vs. open source environment 05:58 - Advancements Eric has noticed in open source in recent years 07:17 - How to make software repositories more secure 08:58 - The next big hurdle in open source security 11:12 - Rapid-fire questions: Mild or spicy food? Vim or Emacs? Spaces or tabs? 12:42 - Eric’s advice for aspiring security professionals 14:45 - The importance of being active in security communities Episode links: Eric Brewer’s LinkedIn profile OS3I report…
W
What's in the SOSS? An OpenSSF Podcast
1 Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security 17:29
17:29 Nghe Sau Nghe Sau Danh sách Thích Đã thích17:29
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books. 00:36 - Mark on his role at Azure 01:30 - Where AI is headed and its impact on enterprises 04:06 - The task of teaching a machine learning model to unlearn Harry Potter 06:32 - The good and bad of AI hallucinations 10:35 - The promise of more secure open source software via AI 13:05 - Mark answers Omkhar’s “rapid-fire” questions: mild or spicy food, Vim, Emacs or VS Code and tabs or spaces 15:01 - Why aspiring software engineers should still learn to code Episode links: Mark Russinovich’s LinkedIn page Press Release: OpenSSF to Support Darpa on New AI Cyber Challenge (AIxCC)…
W
What's in the SOSS? An OpenSSF Podcast
1 Christoph Kern and the Challenge of Keeping Google Secure 20:50
20:50 Nghe Sau Nghe Sau Danh sách Thích Đã thích20:50
Nghe Sau Nghe Sau Danh sách Thích Đã thíchIn this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security. 00:42 - Christoph offers a rundown of his duties at Google 01:38 - Google’s general approach to security 03:02 - What Christoph describes as “stubborn vulnerabilities” and how to stop them 06:42 - An overview of Google’s security ecosystem 10:00 - Why memory safety is so important 12:23 - Solving memory safety problems via languages 16:23 - Omkhar’s rapid-fire questions 18:28 - Why Christoph thinks this may be a great time for young professionals to enter the cybersecurity industry Episode links: Blog: Tackling Cybersecurity Vulnerabilities Through Secure by Design Report: Secure by Design: Google’s Perspective on Memory Safety White House Press Release: Future Software Should be Memory Safe Blog: OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software Research: Developer Ecosystems for Software Safety: Continuous Assurance at Scale…
W
What's in the SOSS? An OpenSSF Podcast
1 Vincent Danen and the Art of Vulnerability Management 18:36
18:36 Nghe Sau Nghe Sau Danh sách Thích Đã thích18:36
Nghe Sau Nghe Sau Danh sách Thích Đã thíchOmkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development. Links: Vincent Danen’s LinkedIn page Red Hat Product Security Vulnerability Management OpenSSF Security Toolbelt…
W
What's in the SOSS? An OpenSSF Podcast
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation ( OpenSSF ) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, Omkhar has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. In this short preview, Omkhar offers a sneak peek into the coming What's in the SOSS? podcast series.…
Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.
Daily Deals
Daily Deals
Tương tự như What's in the SOSS? An OpenSSF Podcast
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
))
