What's in the SOSS? An OpenSSF Podcast

Eric Brewer and the Future of Open Source Security

May 21, 2024

Professor Eric Brewer discusses improving security in corporate vs. open source environments, advancements in open source, making software repositories more secure, and the next big hurdle in open source security. He also shares rapid-fire answers about food preferences and tech tools, along with advice for aspiring security professionals.

16:09

Episode guests

Eric Brewer

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Improving supply chain security in open source projects is crucial, emphasizing trustworthy software and addressing dependencies and supply chain risks.

Addressing challenges in build services and automated testing is essential for open source security, with a focus on reducing financial costs and leveraging machine learning for test case generation.

Deep dives

Focus on Supply Chain Security

The discussion highlights the importance of improving supply chain security in open source projects. Eric Brewer from Google emphasizes the need for a shift towards ensuring software is built correctly and trustworthy. The complexity and risks associated with dependencies and supply chain issues are outlined, signaling a wake-up call for the industry to address these challenges. Brewer emphasizes the industry-wide nature of the problem, advocating for solutions that enhance security across the board.

Introduction

3min

Contrasting Security Practices in Corporate and Open Source Environments

2min

Advancing Open Source Security for Supply Chain Protection

6min

Rapid-Fire Questions and Career Advice in Tech

3min

Empowering Communities to Enhance Security Measures

2min

In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

01:15 - Eric discusses his background
03:14 - Improving security in a corporate vs. open source environment
05:58 - Advancements Eric has noticed in open source in recent years
07:17 - How to make software repositories more secure
08:58 - The next big hurdle in open source security
11:12 - Rapid-fire questions: Mild or spicy food? Vim or Emacs? Spaces or tabs?
12:42 - Eric’s advice for aspiring security professionals
14:45 - The importance of being active in security communities

Episode links:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

What's in the SOSS? An OpenSSF Podcast

Eric Brewer and the Future of Open Source Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Supply Chain Security

Corporate vs. Open Source Security Practices

Challenges of Automated Testing and Build Services

Remember Everything You Learn from Podcasts