Security Icon

Security

InfoSec, DevSec, Penetration Testing, etc.
52 episodes
All Topics

Ship It! Ship It! #94

Scoring your project’s security

Play
2024-03-09T23:00:00Z #ops +1 🎧 5,142

Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.

Go Time Go Time #301

Go Capture the Flag! 🚩

Play
2024-01-31T16:30:00Z #go +2 🎧 12,282

Angelica is joined by Neil S Primmer & Benji Vesterby to share their experience organizing “Capture the Flag” at GopherCon 2023. CTF events involve teams vying for supremacy as they strive to gather digital flags (presented as strings) and successfully submit them to the competition organizers. In essence, it’s a thrilling “scavenger hunt for nerds.” Join us as we unravel the intricacies and excitement of this unique gaming experience!

Changelog Interviews Changelog Interviews #575

Shift left, seriously.

Play
2024-01-26T17:00:00Z #infosec +2 🎧 17,865

This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.

We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”

JS Party JS Party #293

Web dev security school

Play
2023-09-21T20:30:00Z #javascript +1 🎧 15,603

This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!

Changelog Interviews Changelog Interviews #557

Attack of the Canaries!

Play
2023-09-13T22:00:00Z #infosec +1 🎧 22,502

This week we’re joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.

JS Party JS Party #282

The massive bug at the heart of npm

Play
2023-07-07T16:30:00Z #javascript +3 🎧 16,480

Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.

JS Party JS Party #272

Making "safe npm"

Play
2023-04-21T17:15:00Z #javascript +2 🎧 16,375

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Practical AI Practical AI #201

Protecting us with the Database of Evil

Play
2022-11-16T17:20:00Z #ai +3 🎧 20,431

Online platforms and their users are susceptible to a barrage of threats – from disinformation to extremism to terror. Daniel and Chris chat with Matar Haller, VP of Data at ActiveFence, a leader in identifying online harm – is using a combination of AI technology and leading subject matter experts to provide Trust & Safety teams with precise, real-time data, in-depth intelligence, and automated tools to protect users and ensure safe online experiences.

Ship It! Ship It! #76

Container base images with glibc & musl

Play
2022-10-27T14:30:00Z #ops +2 🎧 7,690

In today’s episode, we talk about distroless, ko, apko, melange, musl and glibc. The context is Wolfi OS, a community Linux OS designed for the container and cloud-native era. If you are looking for the lightest possible container base image with 0 CVEs and both glibc and musl support, Wolfi OS & the related chainguard-images are worth checking out.

Ariadne Conill is an Alpine Linux TSC member & Software Engineer at Chainguard.

Ship It! Ship It! #58

How to keep a secret

Play
2022-06-22T20:20:00Z #ops +2 🎧 7,788

Rob Barnes (a.k.a. Devops Rob) and Rosemary Wang (author of Infrastructure as Code - Patterns & Practices) are joining us today to talk about infrastructure secrets.

What do Rosemary and Rob think about committing encrypted secrets into a repository? How do they suggest that we improve on storing secrets in LastPass? And if we were to choose HashiCorp Vault, what do we need to know?

Thank you Thomas Eckert for the intro. Thank you Nabeel Sulieman (ep. 46) & Kelsey Hightower (ep. 44) for your gentle nudges towards improving our infra secrets management.

Changelog Interviews Changelog Interviews #490

Schneier on security for tomorrow’s software

Play
2022-05-20T21:00:00Z #infosec +1 🎧 40,772

This week we’re talking with Bruce Schneier — cryptographer, computer security professional, privacy specialist, and writer (of many books). He calls himself a “public-interest technologist”, a term he coined himself, and works at the intersection of security, technology, and people.

Bruce has been writing about security issues on his blog since 2004, his monthly newsletter has been going since 1998, he’s a fellow and lecturer at Harvard’s Kennedy School, a board member of the EFF, and the Chief of Security Architecture at Inrupt. Long story short, Bruce has credentials to back up his opinions and on today’s show we dig into the state of cyber-security, security and privacy best practices, his thoughts on Bitcoin (and other crypto-currencies), Tim Berners-Lee’s Solid project, and of course we asked Bruce to share his advice for today’s developers building the software systems of tomorrow.

Ship It! Ship It! #53

Securing K8s releases (KubeCon EU 2022)

Play
2022-05-20T17:10:00Z #kubernetes +2 🎧 6,521

Today we are at KubeCon CloudNativeCon EU 2022, talking to Adolfo García Veytia about securing Kubernetes releases. Adolfo is a Staff Software Engineer at Chainguard, and one of the technical leads for SIG release, meaning that he helps ship Kubernetes. You most likely know him as Puerco, and have seen first-hand his passion for securing software via SBOMs, cosign and SLSA. Puerco’s love for bikes and Chainguard are a great match 🚴‍♂️

Player art
  0:00 / 0:00