Application Security Weekly Subscribe

Application security, Compliance Management

Syncing of the Minds – ASW #101

March 23, 2020

Full Audio

View Show Index

Segments

1. Singularity: A Different Take on Container Security – Adam Hughes – ASW #101

Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures.

Guest

Adam Hughes

Chief Software Architect at Sylabs Inc.

Adam is a developer with nearly two decades of experience in cyber security, real-time operating systems, carrier grade telecommunications systems, and large-scale distributed systems. After joining Sylabs in early 2018, he helped develop the Singularity Container Services suite, which forms an ecosystem around the Singularity container runtime. He has since taken on the role of Chief Software Architect and is now responsible for technical leadership of all Sylabs products.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Chief Product Officer at CyberSaint

2. The Benefits of SAST and SCA in Your IDE – Utsav Sanghani – ASW #101

Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in. Introducing a new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development.

Guest

Utsav Sanghani

Senior Product Manager at Synopsys

Utsav Sanghani is a senior product manager at Synopsys where he supports strategic cloud product initiatives. He works closely with customers, engineers, and design teams to guide strategic products from conception to launch and straightens out any potential hurdles in the process. He holds a business degree from Dartmouth College and a bachelor’s degree in engineering from the University of Mumbai, India.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Chief Product Officer at CyberSaint

Related

Application security

XZ & Open Source, PuTTY’s Private Keys, LeakyCLI, LLMs Writing Exploits – ASW #282

April 22, 2024

CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!

Application security

Sustainable Funding of Open Source Tools – Simon Bennetts, Mark Curphey – ASW #282

April 22, 2024

How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu...

Crazy money and crazy outcomes – cybersecurity acquisitions in all shapes and sizes – ESW #358

April 18, 2024

This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively) Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Te...