The Stack Overflow Podcast

Trust as a service for validating OSS dependencies

Nov 14, 2023

Craig, co-founder and CEO of Stacklok, discusses trust and validation of OSS dependencies. They introduce Trusty and MINDER, two projects that enhance package security. AI is used to recommend alternative packages and promote security practices.

12:49

Creator website

Episode guests

Craig

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The traditional currency of CVEs is no longer effective, and the community needs to improve security practices and connect source of origin to artifact for better security posture.

Stack Lock has developed Trusty and Minder to provide developers with unique insights, automate security processes, and ensure better security posture.

Deep dives

The Pain Point Six-Store Addressed

Six-Store was created to address the lack of easy signing and publishing of provenance information associated with a package. It aimed to provide a deterministic view of package production, including the source and context.

Introduction

2min

Trust, Validation, and the Risks to Open Source Dependencies

5min

Analyzing OSS Dependencies with Data Science and Introducing Trusty and MINDER

3min

Using AI to Recommend Alternative Packages and Promote Security Practices

3min

ICYMI, listen to part one of this conversation.

Craig is the cofounder and CEO of Stacklok, which helps developers and open-source communities build safer software, secure the supply chain, and choose safer dependencies. Stacklok’s free-to-use service, Trusty, employs a statistical analysis of author/repo activity and a package’s source of origin to assess its trustworthiness.

Craig cofounded the Kubernetes project, an open-source system for automating deployment, scaling, and management of containerized applications.

Craig is on LinkedIn.

Stack Overflow user mprivat earned a well-deserved Lifeboat badge by answering Abstract class extending concrete classes.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

The Stack Overflow Podcast

Trust as a service for validating OSS dependencies

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Pain Point Six-Store Addressed

The Risks to Open Source Software Supply Chain

Trusty and Minder: Enhancing Security and Helping Open Source Communities

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

The Stack Overflow Podcast

Trust as a service for validating OSS dependencies

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Pain Point Six-Store Addressed

The Risks to Open Source Software Supply Chain

Trusty and Minder: Enhancing Security and Helping Open Source Communities

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights