Podcast Episodes

STIG automation with Aaron Lippold

I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools l…

Published 3 months ago

Ecosyste.ms with Andrew Nesbitt

I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew i…

Published 3 months, 1 week ago

Curl vs AI with Daniel Stenberg

Daniel Stenberg, the maintainer of Curl, discusses the increase in AI-generated security reports that are wasting maintainers' time. We discuss Curl's new policy of banning the bad actors while establish…

Published 3 months, 2 weeks ago

Repository signing with Kairo De Araujo

I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges aroun…

Published 3 months, 3 weeks ago

Securing GitHub Actions with William Woodruff

William Woodruff discusses his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities in their GitHub Actions workflows. This tool addresses inherent secu…

Published 3 months, 4 weeks ago

Embedded Security with Paul Asadoorian

Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and host of the legendary Paul's Security Weekly podcast. Our conversation dove into the …

Published 4 months ago

tj-actions with Endor Lab's Dimitri Stiliadis

Dimitri Stiliadis, CTO of Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, in which a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-sta…

Published 4 months, 1 week ago

Syft, Grype, and Grant with Alan Pope

I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and s…

Published 4 months, 2 weeks ago

CVE for EOL with Aaron Frost

Aaron Frost explores the overly complex world of vulnerability identifiers for end-of-life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with …

Published 4 months, 3 weeks ago

cargo-semver-checks with Predrag Gruevski

Cargo Semver Checks is a Rust tool by Predrag Gruevski that tackles the problem of broken dependencies that cost developers time when upgrading. Predrag's work shows how auto…

Published 5 months ago
