
The Stack Overflow Podcast
Trust as a service for validating OSS dependencies
Nov 14, 2023
Craig, co-founder and CEO of Stacklok, discusses trust and validation of OSS dependencies and introduces Trusty and Minder, two projects that enhance package security. AI is used to recommend alternative packages and promote security practices.
12:49
Podcast summary created with Snipd AI
Quick takeaways
- The traditional currency of CVEs is no longer effective; the community needs to improve security practices and connect a package's source of origin to the published artifact for a better security posture.
- Stacklok has developed Trusty and Minder to give developers unique insights, automate security processes, and ensure a better security posture.
Deep dives
The Pain Point Sigstore Addressed
Sigstore was created to address the lack of an easy way to sign and publish provenance information associated with a package. It aimed to provide a deterministic view of how a package was produced, including its source and context.