What's in the SOSS? An OpenSSF Podcast

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain

Jan 7, 2025

Michael Lieberman, CTO and co-founder of Kusari, dives into the essential world of supply chain security in open source. He shares his journey from programming to leading security initiatives like SLSA and GUAC. Learn about how maintainers can utilize Software Bill of Materials (SBOM) to tackle dependency management challenges. Michael also offers practical advice for newcomers to cybersecurity, emphasizing community engagement and the importance of diverse participation in enhancing security practices.

21:06

Episode guests

Michael Lieberman

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Michael Lieberman emphasizes the necessity of establishing trust through signed documentation and transparency to enhance supply chain security in open source.

The discussion highlights the importance of initiatives like SLSA and GUAC in strengthening software integrity and vulnerability management within the open source ecosystem.

Deep dives

Understanding Supply Chain Security

Supply chain security has emerged as a critical focus within the software development ecosystem, emphasizing the need for developers to ensure that their open source software is secure and trustworthy. The discussion highlights how vital it is for consumers of software to feel confident that appropriate security measures are implemented, which can be validated through signed and attested documentation. This verification process aims to establish robust connections back to software maintainers, underscoring a mutual responsibility for security. Consequently, organizations, particularly in sensitive sectors like finance, are urged to prioritize transparency in their open source contributions to improve security practices across the board.

Intro

2min

Navigating Open Source Leadership

7min

Navigating Dependency Management with SBOM and GUAC

5min

Rapid Fire Insights and Advice for Cybersecurity Newcomers

4min

Encouraging Active Participation in Open Source and Cybersecurity

3min

CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security.

01:56 - Michael explains how he got into open source
04:10 - The challenges of being a startup within the open source ecosystem
05:38 - Michael digs into his participation with SLSA and GUAC
09:13 - How maintainers can address SBOMs with GUAC
10:56 - Michael’s predictions for supply chain security and dependency management
14:26 - Michael answers CRob’s rapid-fire questions
15:32 - Advice for those entering the cybersecurity or open source development spaces
17:50 - Michael’s call to action

Links:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

What's in the SOSS? An OpenSSF Podcast

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Supply Chain Security

Salsa and Guac Initiatives

Engagement in the Open Source Community

Remember Everything You Learn from Podcasts