

Eric Brewer and the Future of Open Source Security
May 21, 2024
Professor Eric Brewer discusses improving security in corporate vs. open source environments, advancements in open source, making software repositories more secure, and the next big hurdle in open source security. He also shares rapid-fire answers about food preferences and tech tools, along with advice for aspiring security professionals.
AI Snips
Kubernetes Supply Chain Wake-Up
- Eric Brewer noticed Kubernetes depended on many untrustworthy dependencies in 2018.
- He realized the issue was broader, identifying it as a supply chain problem, prompting internal talks on security.
Security: Corporate vs Open Source
- Corporate environments can control code and use private copies for security.
- Open source maintainers face challenges using direct internet dependencies and paying for secure builds.
Know Critical Projects' Role
- Improve software repositories by knowing which projects are critical infrastructure.
- Distinguish projects that commit to security in critical infrastructure from those meant for fun or exploration.