Open At Intel: Open Source Isn’t Broken
The open source software ecosystem has always faced tough challenges related to community, governance, and scalability. More than ever before, much conversation about open source struggles is devoted to the security of the software supply chain, especially when considering the unique challenges of a distributed, often anonymous, community-based development team. Josh Bressers, VP of Security…
Tag: software supply chain
Open At Intel: Building Trust with Attestation
In this episode, we dive deep into the concept of attestation as it relates to building trust in our software and systems. Marcela Melara and Vinnie Scarlata take us on a technical tour of both software and remote attestation and how these relate to ideas we’ve covered previously with software supply chain security and confidential computing. We talk…
Open At Intel: Assessing Project Security with OpenSSF Scorecard
Evaluating security risk associated with open source software projects can be a complex or even daunting task, but an Open Source Security Foundation project called OpenSSF Scorecard helps put some order and automation into the process. In this episode, we chat with one of OpenSSF Scorecard’s contributors, Brian Russell of Google, and Ryan Ware, Director of Open Source Security…
Open at Intel: Scanning for Vulnerabilities with CVE Binary Tool
This episode explores an open source software vulnerability scanner called CVE Binary Tool, which scans binaries and component lists in your project and reports back known vulnerabilities based on data from NIST’s National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs). My guest is Dr. Terri Oda, a security researcher at Intel and the lead maintainer of CVE Binary…
Hear me on Open at Intel: Software Supply Chains
Marcela Melara, a research scientist in the Security and Privacy Research Group at Intel Labs, and Bruno Domingues, a chief technology officer in the financial services industry practice and a SLSA project contributor, share their deep knowledge about software supply chain security, a subject on everyone’s minds today.