Paul's Security Weekly Subscribe

Identity, Security Staff Acquisition & Development, Supply chain

How Do We Raise the Floor for Software Quality? – Brian Behlendorf – PSW #770

January 25, 2023

Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared responsibility for security. Several efforts are underway in major open source communities to address these issues. At the Open Source Security Foundation (OpenSSF), major companies, open source software maintainers, startup companies and government actors are working together to improve open source software supply chain security. Brian will share his view of this landscape, detail the work being done at the OpenSSF, show where those efforts are already bearing fruit, and demonstrate what you and your organization can (must!) do to participate in these efforts.

Segment Resources: https://openssf.org/

Full episode and show notes

Announcements

Join our Discord channel to chat with us throughout the live show today! Visit securityweekly.com/discord to receive an invite and become part of our community.

Guest

Brian Behlendorf

Brian Behlendorf

General Manager at Open Source Security Foundation (OpenSSF)

Brian Behlendorf is the General Manager for the Open Source Security Foundation (OpenSSF), an initiative of the Linux Foundation, focused on securing the open source ecosystem. Brian has founded and led open source software communities and initiatives for more than 30 years, first as a co-founder of the Apache Software Foundation and then later as a founding board member of both the Open Source Initiative and the Mozilla Foundation. In parallel, Brian co-founded or was CTO for a series of startups (Wired Magazine, Organic Online, CollabNet) before pivoting towards public service serving the White House CTO office in the Obama Administration and then serving as CTO for the World Economic Forum. Brian joined the Linux Foundation in 2016 to lead Hyperledger, the distributed ledger initiative now core to supply chain traceability and central bank digital currency efforts worldwide, and has led the OpenSSF since September 2021.

Hosts

Josh Marpet

Josh Marpet

Executive Director at RM-ISAO

Larry Pesce

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Sam Bowne

Sam Bowne

Founder at Infosec Decoded, Inc.

https://samsclass.info/

Tyler Robinson

Tyler Robinson

Founder & CEO at Dark Element

http://darkelement.io/

Related

Prioritizing Identity and Getting the Fundamentals Right – Bezawit Sumner – CSP #151

December 5, 2023

Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezwit has focused to enhance the identity management process....

The Evolving Role of the Browser in the Modern Enterprise World – Noriko Bouffard, Marco Genovese – ESW #337

October 26, 2023

In the age of remote and hybrid work, employees are now spending most of their time in the browser or virtual meetings, making the browser an increasingly important part of an enterprise's security strategy. According to Gartner, “By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on m...

Application security

OAuth, WebAuthn, and the Impact of Design Choices – Dan Moore – ASW #260

October 23, 2023

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds of trade-offs they weigh for adoption and security, and how a standard evolves over time to keep pace with new attacks and put to rest old mistakes. Segment resources: https://fusionauth.io/docs/v...