Scoring your project’s security (Ship It! #94)

9 snips

Mar 9, 2024

Discussing tech trends like AI and sustainability, motivating devs to write secure code, OpenSSF Scorecards for GitHub repos, benefits of transitioning from Kafka to NAS for event streaming, tech-related name origins, and excitement for adult space camp and tech event

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Beware Leap Day Software Bugs

Be aware software can break due to unexpected date-related bugs like leap day errors.
Test applications for edge cases such as leap years to prevent real-world operational failures.

ADVICE

Secure Healthcare IT Systems

Understand the critical impact cyber attacks have on essential services like pharmacies.
Prioritize securing healthcare IT systems to prevent interruptions affecting life-saving medication access.

INSIGHT

OpenSSF Scorecards Visualize Security

OpenSSF Scorecards offer a visual security assessment for GitHub repos with a colored badge indicating security posture.
The system gamifies security by encouraging developers to improve their scores incrementally through best practices.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.

Join the discussion

Changelog++ members save 10 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Sentry – Launch week! New features and products all week long (so get comfy)! Tune in to Sentry’s YouTube and Discord daily at 9am PT to hear the latest scoop. Too busy? No problem - enter your email address to receive all the announcements (and win swag along the way). Use the code CHANGELOG when you sign up to get $100 OFF the team plan.
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Chris Swan – Website, GitHub, LinkedIn, Mastodon, X
Justin Garrison – GitHub, LinkedIn, X
Autumn Nash – GitHub, LinkedIn, X

Show Notes:

Links of the week

Person, place, thing, || null

Linux - person (Linus Torvalds)
git - person (Linus Torvalds)
Kubernetes - thing (helmsman)
Algorithms - person (Al-Khwarizmi, Persian mathmetition)
Trojan Horse - place (Troy)
Bluetooth - person (Harold Bluetooth, Denmark king)
Hadoop - thing (kids elephant toy)
Venn diagram - person (John Venn)
MySQL - person (My Widenius)
Debian - person (Deb and Ian)
Neon - Greek neon meaning new

Something missing or broken? PRs welcome!