
The Stack Overflow Podcast

Trust as a service for validating OSS dependencies

Nov 14, 2023
Craig, co-founder and CEO of Stacklok, discusses how to establish trust in and validate open-source dependencies. He introduces Trusty and Minder, two projects that improve package security. AI is used to recommend alternative packages and to promote good security practices.
12:49


Podcast summary created with Snipd AI

Quick takeaways

  • CVEs alone are no longer an adequate currency for judging package risk; the community needs to improve its security practices and connect each artifact to its source of origin to achieve a better security posture.
  • Stacklok has built Trusty and Minder to give developers unique insights into their dependencies, automate security processes, and maintain a better security posture.

Deep dives

The Pain Point Sigstore Addressed

Sigstore was created to address the lack of an easy way to sign a package and publish the provenance information associated with it. It aimed to give consumers a deterministic view of how a package was produced, including its source and build context.
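As an added illustration (not code from the podcast, Stacklok or Sigstore), the following Python shows the consumer-side half of what provenance publishing enables: checking that a downloaded artifact is the one named in a SLSA provenance statement, and that it was built from an expected source repository by an expected builder. The artifact bytes, the statement, and the repository and builder URLs are constructed for the example; verification of the attestation's signature is assumed to have been done separately with a Sigstore client such as cosign, which needs network access to the transparency log and is out of scope here.

```python
import hashlib
import json

# Constructed sample: the artifact bytes the consumer actually downloaded.
ARTIFACT = b"example package contents\n"
ARTIFACT_NAME = "example-1.0.0.tar.gz"

# Constructed sample: a SLSA provenance attestation in in-toto Statement v1 form.
# The envelope layout is the real in-toto/SLSA shape; the repository and builder
# values are hypothetical. The subject digest is computed from ARTIFACT so the
# sample is self-consistent.
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [
        {
            "name": ARTIFACT_NAME,
            "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()},
        }
    ],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "externalParameters": {
                "workflow": {
                    "repository": "https://github.com/example-org/example-pkg"
                }
            }
        },
        "runDetails": {
            "builder": {"id": "https://github.com/actions/runner/github-hosted"}
        },
    },
}

# Hypothetical consumer policy: which source and builder we are willing to trust.
POLICY = {
    "source_repo": "https://github.com/example-org/example-pkg",
    "builder_id": "https://github.com/actions/runner/github-hosted",
}


def verify_provenance(artifact: bytes, name: str, statement: dict, policy: dict) -> list:
    """Return a list of policy failures; an empty list means the artifact is
    linked to an acceptable origin. Assumes the attestation envelope's signature
    has already been verified (e.g. with cosign); only the content is checked here."""
    failures = []

    # 1. The statement must be the kind of document we think it is.
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        failures.append("not an in-toto v1 statement")
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append(f"unexpected predicateType {statement.get('predicateType')!r}")

    # 2. The artifact we hold must be the subject the attestation speaks about.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = [s for s in statement.get("subject", []) if s.get("name") == name]
    if not subjects:
        failures.append(f"no subject named {name!r}")
    elif not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        failures.append("artifact digest does not match attested subject")

    # 3. The attested origin must match what our policy allows.
    pred = statement.get("predicate", {})
    repo = (pred.get("buildDefinition", {})
                .get("externalParameters", {})
                .get("workflow", {})
                .get("repository"))
    if repo != policy["source_repo"]:
        failures.append(f"built from {repo!r}, expected {policy['source_repo']!r}")
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder != policy["builder_id"]:
        failures.append(f"built by {builder!r}, expected {policy['builder_id']!r}")

    return failures


if __name__ == "__main__":
    print(json.dumps(PROVENANCE, indent=2))
    print("genuine artifact:", verify_provenance(ARTIFACT, ARTIFACT_NAME, PROVENANCE, POLICY))
    print("tampered artifact:", verify_provenance(ARTIFACT + b"x", ARTIFACT_NAME, PROVENANCE, POLICY))
```

The digest check is what ties the bytes on disk to the attestation; the repository and builder checks are what turn "this was signed" into "this came from where we expect". A statement that passes the signature check but fails any of these is still untrusted.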
