What's in the SOSS? An OpenSSF Podcast cover image

What's in the SOSS? An OpenSSF Podcast

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain

Jan 7, 2025
Michael Lieberman, CTO and co-founder of Kusari, dives into the essential world of supply chain security in open source. He shares his journey from programming to leading security initiatives like SLSA and GUAC. Learn about how maintainers can utilize Software Bill of Materials (SBOM) to tackle dependency management challenges. Michael also offers practical advice for newcomers to cybersecurity, emphasizing community engagement and the importance of diverse participation in enhancing security practices.
21:06

Episode guests

Michael Lieberman

Podcast summary created with Snipd AI

Quick takeaways

  • Michael Lieberman emphasizes the necessity of establishing trust through signed documentation and transparency to enhance supply chain security in open source.
  • The discussion highlights the importance of initiatives like SLSA and GUAC in strengthening software integrity and vulnerability management within the open source ecosystem.

Deep dives

Understanding Supply Chain Security

Supply chain security has emerged as a critical focus within the software development ecosystem, emphasizing the need for developers to ensure that their open source software is secure and trustworthy. The discussion highlights how vital it is for consumers of software to feel confident that appropriate security measures are implemented, which can be validated through signed and attested documentation. This verification process aims to establish robust connections back to software maintainers, underscoring a mutual responsibility for security. Consequently, organizations, particularly in sensitive sectors like finance, are urged to prioritize transparency in their open source contributions to improve security practices across the board.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode