Software Engineering Daily

Container Security with Matt Moore

Sep 26, 2024

58:18

Snipd AI

Matt Moore, Founder and CTO of Chainguard, shares his extensive experience from Microsoft and Google, focusing on container security innovations. He discusses the rising threat of software supply chain attacks and the importance of secure open source dependencies. Moore explains how reproducible builds and software bills of materials enhance security. The conversation highlights initiatives like Chain Guard images and the evolution of vulnerabilities management, emphasizing the necessity for robust practices to combat security risks in the tech sector.

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The rising threat of software supply chain attacks highlights the urgent need for organizations to secure their open source dependencies.

Chainguard offers hardened container images and a secure Linux distribution, focusing on minimizing vulnerabilities through effective patch management.

Reproducible builds are essential for verifying software integrity, enabling organizations to audit their software supply chain independently of vendor claims.

Deep dives

The Rise of Supply Chain Security

Software supply chain attacks have become a significant concern, particularly for organizations relying on numerous open source dependencies. The increase in high-profile incidents, such as the SolarWinds attack, has heightened awareness of the vulnerabilities present in software ecosystems. As a result, companies have shifted their focus to securing their supply chains, realizing that they must address these security issues proactively. The introduction of executive orders and initiatives around software bill of materials reflects the growing recognition of the necessity for improved practices in supply chain security.

Intro

2min

Pioneering Container Security at Google

26min

Understanding Reproducible Builds in Software Security

3min

Understanding Supply Chain Security: Bill of Materials and Provenance

4min

The Threat and Response to Supply Chain Attacks

6min

Navigating Developer Experience with Chain Guard Images

17min

Software supply chain attacks exploit interdependencies within software ecosystems. Security in the supply chain is a growing issue, and is particularly important for companies that rely on large numbers of open source dependencies.

Chainguard was founded in 2021 and offers tools and secure container images to improve the security of the software supply chain.

Matt Moore is the Founder and CTO of Chainguard. He started his career in compiler optimization at Microsoft and worked at Google before starting Chainguard. He joins the show with Gregor Vand to talk about container security.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

Please click here to see the transcript of this episode.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

The post Container Security with Matt Moore appeared first on Software Engineering Daily.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Daily

Container Security with Matt Moore

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Rise of Supply Chain Security

Insights from ChainGuard's Founders

ChainGuard's Approach to Container Security

Understanding Reproducible Builds

Navigating the Developer Experience with ChainGuard

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Software Engineering Daily

Container Security with Matt Moore

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Rise of Supply Chain Security

Insights from ChainGuard's Founders

ChainGuard's Approach to Container Security

Understanding Reproducible Builds

Navigating the Developer Experience with ChainGuard

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights