Player FM ऐप के साथ ऑफ़लाइन जाएं!
पॉडकास्ट सुनने लायक
प्रायोजित
The Burden of Security in Software Maintenance
Manage episode 430544910 series 3446189
In this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems.
00:00 Introduction and Guest Background
01:20 Maintainer Burnout and Security Challenges
04:41 Balancing Multiple Projects and Personal Life
07:15 Security Risks in Smaller Projects
10:13 Developer Identity and Reputation
19:37 Open Source Origin Story and Community Involvement
24:11 Optimism for the Future of Open Source Security
Enhancing Open Source Security: Introducing Siren by OpenSSF – Open Source Security Foundation
Security at Every Step: Why Software Supply Chains Are Critical
Guest: John Kjell is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before TestifySec, John was an engineering leader at VMware, helping to bring supply chain security features to the Tanzu Application Platform.90 एपिसोडस
Manage episode 430544910 series 3446189
In this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems.
00:00 Introduction and Guest Background
01:20 Maintainer Burnout and Security Challenges
04:41 Balancing Multiple Projects and Personal Life
07:15 Security Risks in Smaller Projects
10:13 Developer Identity and Reputation
19:37 Open Source Origin Story and Community Involvement
24:11 Optimism for the Future of Open Source Security
Enhancing Open Source Security: Introducing Siren by OpenSSF – Open Source Security Foundation
Security at Every Step: Why Software Supply Chains Are Critical
Guest: John Kjell is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before TestifySec, John was an engineering leader at VMware, helping to bring supply chain security features to the Tanzu Application Platform.90 एपिसोडस
सभी एपिसोड
×1 The Open Source Path to Security and Privacy: Divvi Up and Let's Encrypt 22:02
1 Empowering Enterprises: OPEA, AI, and the Future of Storage 16:06
1 Inside CISA: Enhancing Cybersecurity Through Collaboration and Open Source Initiatives 21:16
1 AI, Community, and the Future of Generative Applications 20:53
1 Trust, Value, and Open Source: Inside Open Source Databases 23:22
1 Democratizing AI: Collaborative AI Development with InstructLab 20:53
1 Bridging the Gap: Open Source Security and Web Development 25:30
1 From Fear to Confidence: Navigating Open Source Security 25:20
1 Understanding Milvus: The Power of a Vector Database 26:45
प्लेयर एफएम में आपका स्वागत है!
प्लेयर एफएम वेब को स्कैन कर रहा है उच्च गुणवत्ता वाले पॉडकास्ट आप के आनंद लेंने के लिए अभी। यह सबसे अच्छा पॉडकास्ट एप्प है और यह Android, iPhone और वेब पर काम करता है। उपकरणों में सदस्यता को सिंक करने के लिए साइनअप करें।