In this episode, we sit down with Luke Hinds, CTO of Stacklok and creator of Sigstore, to learn from his extensive background in open source security. Luke shares insights into his journey and passion for security, highlighting the thrill of the 'cat and mouse' dynamics. He discusses Stacklok’s project, Minder, a software supply chain platform designed to streamline security while boosting developer productivity. Luke also touches on Trusty, another Stacklok initiative aimed at assessing the security risks of open source packages using data science. The conversation expands to the impact of AI on code contributions and developer identity, reflecting on the evolving dynamics in software development and security. Finally, Luke shares thoughts on the ongoing challenges and opportunities in bridging the gap between operations and engineering to maintain robust security in fast-paced development environments.
00:00 Introduction
02:29 Personal Reflections on Security
04:14 Introduction to Stacklok and Minder
05:02 Minder's Features and Capabilities
07:38 Target Audience and Use Cases for Minder
10:41 Balancing Security and Developer Productivity
13:00 The Importance of Seamless Security
13:52 Introduction to Trusty: Understanding Open Source Security Risks
14:45 Analyzing Malicious Packages and Developer Contributions
18:06 The Role of Developer Identity in Open Source Projects
19:20 AI's Impact on Code Development and Security
20:10 Challenges and Future Directions in Developer Identity
23:31 Concluding Thoughts and Future Conversations
Guest:Luke Hinds is the CTO of Stacklok. He is the creator of the open source project sigstore, which makes it easier for developers to sign and verify software artifacts. Prior to Stacklok, Luke was a distinguished engineer at Red Hat.
Remember Everything You Learn from Podcasts
