

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain
Jan 7, 2025
Michael Lieberman, CTO and co-founder of Kusari, dives into the essential world of supply chain security in open source. He shares his journey from programming to leading security initiatives like SLSA and GUAC. Learn how maintainers can use Software Bills of Materials (SBOMs) to tackle dependency management challenges. Michael also offers practical advice for newcomers to cybersecurity, emphasizing community engagement and the importance of diverse participation in improving security practices.
AI Snips
Open Source Origin Story
- Michael Lieberman's open-source journey started with early Python use and evolved into contributing back while working at Bridgewater.
- His involvement deepened during the pandemic, leading to contributions to CNCF and OpenSSF projects.
Startup Challenges in Open Source
- Startups in open source must demonstrate value through contributions, not just words.
- Active participation and doing the "chopping wood" work builds credibility and recognition.
SLSA and GUAC Involvement
- Michael Lieberman became involved with SLSA early, recognizing its focus on verifying security practices.
- This led to his involvement in GUAC, a tool to analyze SBOMs and other supply chain metadata.
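The episode only names the kind of question tooling like GUAC answers over an SBOM ("which of my components pull in package X, and through what path?"). The following is an added illustration written for this page, not code from the episode, from Kusari, or from the GUAC project. It assumes a CycloneDX 1.5 JSON layout (`components` with `bom-ref`, plus a `dependencies` list of `ref`/`dependsOn` edges); the sample SBOM and its package names are constructed for the example.

```python
"""Answer "who depends on package X?" from a CycloneDX JSON SBOM.

Added example for this page; not GUAC's code. The SBOM below is constructed.
"""
import json
from collections import defaultdict, deque

# bom-refs for the constructed sample (hypothetical module paths).
APP_REF = "pkg:golang/example.com/app@1.0.0"
LIB_A = "pkg:golang/example.com/lib-a@2.1.0"
LIB_B = "pkg:golang/example.com/lib-b@0.9.3"
LIB_C = "pkg:golang/example.com/lib-c@1.4.0"
LIB_D = "pkg:golang/example.com/lib-d@3.0.1"

# Constructed CycloneDX 1.5 document: app -> {lib-a, lib-b}, lib-a -> lib-c,
# lib-b -> lib-d, lib-c -> lib-d.  Two distinct paths reach lib-d.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": APP_REF, "name": "app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": LIB_A, "name": "lib-a", "version": "2.1.0"},
        {"bom-ref": LIB_B, "name": "lib-b", "version": "0.9.3"},
        {"bom-ref": LIB_C, "name": "lib-c", "version": "1.4.0"},
        {"bom-ref": LIB_D, "name": "lib-d", "version": "3.0.1"},
    ],
    "dependencies": [
        {"ref": APP_REF, "dependsOn": [LIB_A, LIB_B]},
        {"ref": LIB_A, "dependsOn": [LIB_C]},
        {"ref": LIB_B, "dependsOn": [LIB_D]},
        {"ref": LIB_C, "dependsOn": [LIB_D]},
        {"ref": LIB_D, "dependsOn": []},
    ],
})


def load_graph(sbom_text):
    """Parse the SBOM into (ref -> name, forward edges, reverse edges)."""
    sbom = json.loads(sbom_text)
    names = {}
    root = sbom.get("metadata", {}).get("component")
    if root:
        names[root["bom-ref"]] = root["name"]
    for comp in sbom.get("components", []):
        names[comp["bom-ref"]] = comp["name"]
    forward, reverse = defaultdict(set), defaultdict(set)
    for entry in sbom.get("dependencies", []):
        for dep in entry.get("dependsOn", []):
            forward[entry["ref"]].add(dep)
            reverse[dep].add(entry["ref"])
    return names, forward, reverse


def dependents_of(sbom_text, target_ref):
    """Names of every component that transitively depends on target_ref.

    Walks the reverse edge set breadth-first, so a vulnerable package is
    traced back to everything it is reachable from, not just its direct users.
    """
    names, _, reverse = load_graph(sbom_text)
    seen, queue = set(), deque([target_ref])
    while queue:
        cur = queue.popleft()
        for parent in reverse.get(cur, ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return sorted(names.get(r, r) for r in seen)


def paths_to(sbom_text, root_ref, target_ref):
    """All simple dependency paths root -> ... -> target, as lists of names."""
    names, forward, _ = load_graph(sbom_text)
    found = []

    def dfs(node, path):
        if node == target_ref:
            found.append([names.get(n, n) for n in path])
            return
        for child in sorted(forward.get(node, ())):
            if child not in path:  # guard against cycles in a malformed SBOM
                dfs(child, path + [child])

    dfs(root_ref, [root_ref])
    return sorted(found)


def dangling_refs(sbom_text):
    """Refs used in `dependencies` but never declared as components.

    A non-empty result means the SBOM is incomplete and any "nothing depends
    on X" answer from it is untrustworthy.
    """
    names, forward, reverse = load_graph(sbom_text)
    used = set(forward) | set(reverse)
    return sorted(used - set(names))


if __name__ == "__main__":
    print("depends on lib-d:", dependents_of(SAMPLE_SBOM, LIB_D))
    print("paths app -> lib-d:", paths_to(SAMPLE_SBOM, APP_REF, LIB_D))
    print("dangling refs:", dangling_refs(SAMPLE_SBOM))
```

The point of `dangling_refs` is the caveat that matters most in practice: an SBOM answers dependency questions only as well as it was generated, so check that every edge resolves to a declared component before trusting a negative result.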