What's in the SOSS? An OpenSSF Podcast

Eric Brewer and the Future of Open Source Security

May 21, 2024

Professor Eric Brewer discusses improving security in corporate vs. open source environments, advancements in open source, making software repositories more secure, and the next big hurdle in open source security. He also shares rapid-fire answers about food preferences and tech tools, along with advice for aspiring security professionals.

16:09

Episode guests

Eric Brewer

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Improving supply chain security in open source projects is crucial, emphasizing trustworthy software and addressing dependencies and supply chain risks.

Addressing challenges in build services and automated testing is essential for open source security, with a focus on reducing financial costs and leveraging machine learning for test case generation.

Deep dives

Focus on Supply Chain Security

The discussion highlights the importance of improving supply chain security in open source projects. Eric Brewer from Google emphasizes the need for a shift towards ensuring software is built correctly and trustworthy. The complexity and risks associated with dependencies and supply chain issues are outlined, signaling a wake-up call for the industry to address these challenges. Brewer emphasizes the industry-wide nature of the problem, advocating for solutions that enhance security across the board.

Introduction

3min

Contrasting Security Practices in Corporate and Open Source Environments

2min

Advancing Open Source Security for Supply Chain Protection

6min

Rapid-Fire Questions and Career Advice in Tech

3min

Empowering Communities to Enhance Security Measures

2min

In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.

01:15 - Eric discusses his background
03:14 - Improving security in a corporate vs. open source environment
05:58 - Advancements Eric has noticed in open source in recent years
07:17 - How to make software repositories more secure
08:58 - The next big hurdle in open source security
11:12 - Rapid-fire questions: Mild or spicy food? Vim or Emacs? Spaces or tabs?
12:42 - Eric’s advice for aspiring security professionals
14:45 - The importance of being active in security communities

Episode links:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

What's in the SOSS? An OpenSSF Podcast

Eric Brewer and the Future of Open Source Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Supply Chain Security

Corporate vs. Open Source Security Practices

Challenges of Automated Testing and Build Services

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

What's in the SOSS? An OpenSSF Podcast

Eric Brewer and the Future of Open Source Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Supply Chain Security

Corporate vs. Open Source Security Practices

Challenges of Automated Testing and Build Services

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights