Trust, Validation, and the Risks to Open Source Dependencies

ICYMI, listen to part one of this conversation.

Craig is the cofounder and CEO of Stacklok, which helps developers and open-source communities build safer software, secure the supply chain, and choose safer dependencies. Stacklok’s free-to-use service, Trusty, employs a statistical analysis of author/repo activity and a package’s source of origin to assess its trustworthiness.

Craig cofounded the Kubernetes project, an open-source system for automating deployment, scaling, and management of containerized applications.

Craig is on LinkedIn.

Stack Overflow user mprivat earned a well-deserved Lifeboat badge by answering Abstract class extending concrete classes.