Ship It! Cloud, SRE, Platform Engineering

Scoring your project’s security

Mar 9, 2024

Discussion on AI trends in tech, gamifying code security, OpenSSF Scorecards for GitHub repos, improving security posture, automating secure repositories, creative tech naming origins, and nerdy conference excitement

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 2min

Navigating Security Metrics and Cyber Attacks in Healthcare

01:59 • 8min

Medicine Costs, Memory-Safe Languages, Government Software, and Security Measures in Open Source Projects

09:59 • 4min

Enhancing Developer Experience with AI and Mobile Features

14:09 • 2min

Upcoming Announcements, Integrations, Launch Week, and Security Scorecards

16:05 • 2min

Enhancing Open Source Security with Scorecards

17:58 • 16min

Embracing Continuous Integration for Documentation Repositories

33:29 • 16min

Balancing Attention and Maintenance in Open Source Projects

49:35 • 11min

Transition to Automated Processes for Secure Repositories

01:00:23 • 10min

The Art of Naming in Technology

01:10:09 • 11min

Excitement for Nerd Olympics and Conference Fun

01:20:53 • 3min

Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.

Join the discussion

Changelog++ members save 10 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Sentry – Launch week! New features and products all week long (so get comfy)! Tune in to Sentry’s YouTube and Discord daily at 9am PT to hear the latest scoop. Too busy? No problem - enter your email address to receive all the announcements (and win swag along the way). Use the code CHANGELOG when you sign up to get $100 OFF the team plan.
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Chris Swan – Website, GitHub, LinkedIn, Mastodon, X
Justin Garrison – GitHub, LinkedIn, X
Autumn Nash – GitHub, LinkedIn, X

Show Notes:

Links of the week

Person, place, thing, || null

Linux - person (Linus Torvalds)
git - person (Linus Torvalds)
Kubernetes - thing (helmsman)
Algorithms - person (Al-Khwarizmi, Persian mathmetition)
Trojan Horse - place (Troy)
Bluetooth - person (Harold Bluetooth, Denmark king)
Hadoop - thing (kids elephant toy)
Venn diagram - person (John Venn)
MySQL - person (My Widenius)
Debian - person (Deb and Ian)
Neon - Greek neon meaning new

Something missing or broken? PRs welcome!