Google’s Andrew Pollock and Addressing Open Source Vulnerabilities

Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.

• 00:52 - Andrew shares his background as a “mid-90s data nerd”
• 02:31 - Managing vulnerabilities in the open source ecosystem
• 03:57 - How to navigate inconsistent metadata
• 06:26 - The challenge of source attribution
• 07:54 - The rapid-fire round
• 09:15 - Andrew’s advice to open source developers
• 10:22 - Andrew’s call to action to developers

Episode links:

• Andrew Pollock on LinkedIn
• Getting to know the Open Source Vulnerability format
• OSV.dev
• Get involved in the OpenSSF community