This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Inhalt bereitgestellt von Jacob Beningo. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Jacob Beningo oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Ähnelt The Embedded Frontier
A podcast about web design and development.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Become the best software developer you can be
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!
Gehen Sie mit der App Player FM offline!
))
#005 - The Risks of Zero-Day Attacks in Open Source Software with Frank Huerta
Manage episode 424636861 series 3546005
Inhalt bereitgestellt von Jacob Beningo. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Jacob Beningo oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Summary
In this episode, Jacob Beningo interviews Frank Herta, the CEO of Curtail Incorporated, about the risks of zero-day attacks in open source software. They discuss the importance of DevSecOps and the need for comprehensive security measures. Frank shares his background in security and how his company is working on detecting zero-day bugs.
They also explore the vulnerabilities of open source software and the potential for third-party supply chain attacks. Open source software testing differs from proprietary software testing in terms of who is responsible for testing. Open source projects have their own testing processes, but it's important for software developers to test the open source software in the context of their own applications.
DevSecOps is a cultural shift that aims to integrate security and testing throughout the software development process. It involves early testing, collaboration between teams, and a focus on security from the beginning. The nature of threats in open source software is changing, with third-party attacks on repositories becoming a major concern. Complacency and slow response times are also issues that need to be addressed.
Developers and managers using open source software should follow security best practices, stay updated on vulnerabilities, and actively test their software. Curtail is working on innovative solutions to analyze and compare different open source packages for better security.
Keywords
embedded systems, open source software, zero-day attacks, DevSecOps, security measures, vulnerabilities, supply chain attacks, open source software, testing, proprietary software, DevSecOps, third-party attacks, complacency, response time, security best practices, Curtail
Takeaways
- Open source software is prevalent in the industry, with 70-90% of software being open source-based.
- Companies and their customers are at risk of zero-day attacks due to the widespread use of open source software.
- Historical examples like Heartbleed and Apache Struts have demonstrated the vulnerabilities of open source software.
- DevSecOps is crucial for integrating security measures throughout the software development lifecycle.
- Comprehensive testing, documentation, and active involvement in open source communities can help mitigate security risks.
- Comparing different versions of open source software and monitoring network behavior can help detect changes and potential vulnerabilities. Open source software should be tested in the context of the specific application it will be used in.
- DevSecOps is a cultural shift that integrates security and testing throughout the software development process.
- Third-party attacks on open source repositories are a growing concern.
- Complacency and slow response times can lead to security vulnerabilities.
- Developers and managers should follow security best practices and actively test their software.
- Curtail is working on innovative solutions to analyze and compare different open source packages for better security.
Kapitel
1. Introduction to Embedded Frontier Podcast (00:00:00)
2. Interview with Frank Herta, CEO of Curtail Incorporated (00:01:25)
3. Vulnerabilities and Historical Examples of Open Source Software (00:23:10)
4. Comprehensive Security Measures for Open Source Software (00:25:08)
5. Detecting Zero-Day Bugs and Monitoring Network Behavior (00:26:37)
6. Mitigating Security Risks through Testing and Active Involvement (00:29:17)
7. The Cultural Shift of DevSecOps (00:31:04)
8. Changing Nature of Threats (00:42:12)
9. Avoiding Complacency and Improving Response Times (00:47:55)
10. Best Practices for Using Open Source Software (00:48:53)
11. Innovative Solutions from Curtail (00:50:18)
6 Episoden
Teilen
Manage episode 424636861 series 3546005
Inhalt bereitgestellt von Jacob Beningo. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Jacob Beningo oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Summary
In this episode, Jacob Beningo interviews Frank Herta, the CEO of Curtail Incorporated, about the risks of zero-day attacks in open source software. They discuss the importance of DevSecOps and the need for comprehensive security measures. Frank shares his background in security and how his company is working on detecting zero-day bugs.
They also explore the vulnerabilities of open source software and the potential for third-party supply chain attacks. Open source software testing differs from proprietary software testing in terms of who is responsible for testing. Open source projects have their own testing processes, but it's important for software developers to test the open source software in the context of their own applications.
DevSecOps is a cultural shift that aims to integrate security and testing throughout the software development process. It involves early testing, collaboration between teams, and a focus on security from the beginning. The nature of threats in open source software is changing, with third-party attacks on repositories becoming a major concern. Complacency and slow response times are also issues that need to be addressed.
Developers and managers using open source software should follow security best practices, stay updated on vulnerabilities, and actively test their software. Curtail is working on innovative solutions to analyze and compare different open source packages for better security.
Keywords
embedded systems, open source software, zero-day attacks, DevSecOps, security measures, vulnerabilities, supply chain attacks, open source software, testing, proprietary software, DevSecOps, third-party attacks, complacency, response time, security best practices, Curtail
Takeaways
- Open source software is prevalent in the industry, with 70-90% of software being open source-based.
- Companies and their customers are at risk of zero-day attacks due to the widespread use of open source software.
- Historical examples like Heartbleed and Apache Struts have demonstrated the vulnerabilities of open source software.
- DevSecOps is crucial for integrating security measures throughout the software development lifecycle.
- Comprehensive testing, documentation, and active involvement in open source communities can help mitigate security risks.
- Comparing different versions of open source software and monitoring network behavior can help detect changes and potential vulnerabilities. Open source software should be tested in the context of the specific application it will be used in.
- DevSecOps is a cultural shift that integrates security and testing throughout the software development process.
- Third-party attacks on open source repositories are a growing concern.
- Complacency and slow response times can lead to security vulnerabilities.
- Developers and managers should follow security best practices and actively test their software.
- Curtail is working on innovative solutions to analyze and compare different open source packages for better security.
Kapitel
1. Introduction to Embedded Frontier Podcast (00:00:00)
2. Interview with Frank Herta, CEO of Curtail Incorporated (00:01:25)
3. Vulnerabilities and Historical Examples of Open Source Software (00:23:10)
4. Comprehensive Security Measures for Open Source Software (00:25:08)
5. Detecting Zero-Day Bugs and Monitoring Network Behavior (00:26:37)
6. Mitigating Security Risks through Testing and Active Involvement (00:29:17)
7. The Cultural Shift of DevSecOps (00:31:04)
8. Changing Nature of Threats (00:42:12)
9. Avoiding Complacency and Improving Response Times (00:47:55)
10. Best Practices for Using Open Source Software (00:48:53)
11. Innovative Solutions from Curtail (00:50:18)
6 Episoden
Alle Folgen
×
Willkommen auf Player FM!
Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.
Ähnelt The Embedded Frontier
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A podcast about web design and development.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Become the best software developer you can be
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!
Gehen Sie mit der App Player FM offline!
