Cisco’s Michael Chenetz, host of the Cloud Unfiltered podcast, joins us to talk through security challenges unique to Kubernetes, and the journey to the cloud native ecosystem for everyone from beginners to veterans. Resources: Overview of Cloud Native Security
Tag: security
Open At Intel: Security and the OSPO
Jessica Marz, Director of Intel’s Open Source Program Office, discusses the role of the OSPO in securing the software supply chain and the role she plays in encouraging good open source citizenship.
Open At Intel: Assessing Project Security with OpenSSF Scorecard
Evaluating security risk associated with open source software projects can be a complex or even daunting task, but an Open Source Security Foundation project called OpenSSF Scorecard helps put some order and automation into the process. In this episode, we chat with one of OpenSSF Scorecard’s contributors, Brian Russell of Google, and Ryan Ware, Director of Open Source Security…
Open At Intel: Consuming Open Source Software Securely
In this episode, we discuss best practices for evaluating and consuming open source software with Ryan Ware, director of open source security at Intel. Ryan will share his wisdom earned over decades working with open source software security.
Open at Intel: Scanning for Vulnerabilities with CVE Binary Tool
This episode explores an open source software vulnerability scanner called CVE Binary Tool, which scans binaries and component lists in your project and reports back known vulnerabilities based on data from NIST’s National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs). My guest is Dr. Terry Oda, a security researcher at Intel and the lead maintainer of CVE Binary…
Open at Intel: Securing Applications with Gramine
Mona Vij, principal engineer at Intel Labs, leads Intel’s efforts on the Gramine project, which is a library OS that allows for running unmodified applications and, among other things, solves the problem of running applications out-of-the-box on Intel SGX-enabled hardware. We’ll dive into Gramine, a Confidential Computing Consortium Project and discuss easing the path to running in a trusted…
Open at Intel: Confidential Computing
I spoke with Dan Middleton of Intel and Dave Thaler of Microsoft about their work furthering confidential computing technology via the Confidential Computing Consortium. Links: Confidential Computing Consortium
Hear me on Open at Intel: Software Supply Chains
Marcela Melara, a research scientist in the Security and Privacy Research Group at Intel Labs, and Bruno Domingues, a chief technology officer in the financial services industry practice and a SLSA project contributor, share their deep knowledge about software supply chain security, a subject on everyone’s minds today.
Reality 2.0: User Sovereignty and Authenticity in Commerce
Katherine Druckman and Doc Searls hear Dave Huseby’s new ideas about identity verification and data authenticity in commerce.
Hear me on Open at Intel: All About SBOMs: The Software Bill of Materials
SBOM stands for Software Bill of Materials, and this humble but critically important document is getting a lot of airtime recently, especially after United States Executive Order 14028 issued strong guidance on requiring SBOMs for government software acquisitions. Alexios Zavras of Intel’s Open Ecosystem Group and Kate Stewart of the Linux Foundation are SBOM experts who are active…