24 min listen
Software Supply Chain Security, with Priya Wadhwa
Software Supply Chain Security, with Priya Wadhwa
ratings:
Length:
36 minutes
Released:
Jul 23, 2021
Format:
Podcast episode
Description
The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you.
Do you have something cool to share? Some questions? Let us know:
web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod
Chatter of the week
Virgin Galactic launch
NBC News
BBC News
Blue Origin launch
NBC News
BBC News
Rocket scene from Austin Powers: The Spy Who Shagged Me
The memes
News of the week
Google Cloud Container Security webinar
Register for Google Cloud Next 2021
Google Cloud IDS
Windows Server support for Anthos on-prem
Multi-Cluster Ingress for GKE
CVE-2021-22555: Kernel code execution through Netfilter bug
CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
CVE-2021-32690: Helm repository credentials passed to alternate domain
Attacks on Argo Workflows discovered by Intezer
Sysdig acquires Apolicy; Apolicy acquired by Sysdig
CockroachDB Operator for Kubernetes
Automatic remediation of Kubernetes nodes at Cloudflare
Sciuro
Kured
CNCF App Delivery TAG publishes operator whitepaper
Links from the interview
Software supply chain
Know, Prevent, Fix
Reproducible builds
Debian Project
SolarWinds hack
US Executive Order on Improving the Nation’s Cybersecurity
Binary Authorization
Provenance, in art and software
in-toto
“Farm to table”
sigstore
Announcement blog
cosign
Announcement blog
Dan Lorenc’s blog
Connaisseur
Rekor
Fulcio
Key signing ceremony:
Dan Lorenc on Episode 152
Announcement blog
Video
Tekton
Tekton Chains
Announcement blog, by Priya & Dan
SBOM (Software Bill of Materials)
Open Source Insights
Announcement blog
Nine Inch Nails’ Year Zero ARG
Scorecards
Announcement blog
v2 blog
SLSA
Announcement blog
GitHub
SupplyChainSecurityCon
sigstore Slack channel
Priya Wadhwa on Twitter
Do you have something cool to share? Some questions? Let us know:
web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod
Chatter of the week
Virgin Galactic launch
NBC News
BBC News
Blue Origin launch
NBC News
BBC News
Rocket scene from Austin Powers: The Spy Who Shagged Me
The memes
News of the week
Google Cloud Container Security webinar
Register for Google Cloud Next 2021
Google Cloud IDS
Windows Server support for Anthos on-prem
Multi-Cluster Ingress for GKE
CVE-2021-22555: Kernel code execution through Netfilter bug
CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
CVE-2021-32690: Helm repository credentials passed to alternate domain
Attacks on Argo Workflows discovered by Intezer
Sysdig acquires Apolicy; Apolicy acquired by Sysdig
CockroachDB Operator for Kubernetes
Automatic remediation of Kubernetes nodes at Cloudflare
Sciuro
Kured
CNCF App Delivery TAG publishes operator whitepaper
Links from the interview
Software supply chain
Know, Prevent, Fix
Reproducible builds
Debian Project
SolarWinds hack
US Executive Order on Improving the Nation’s Cybersecurity
Binary Authorization
Provenance, in art and software
in-toto
“Farm to table”
sigstore
Announcement blog
cosign
Announcement blog
Dan Lorenc’s blog
Connaisseur
Rekor
Fulcio
Key signing ceremony:
Dan Lorenc on Episode 152
Announcement blog
Video
Tekton
Tekton Chains
Announcement blog, by Priya & Dan
SBOM (Software Bill of Materials)
Open Source Insights
Announcement blog
Nine Inch Nails’ Year Zero ARG
Scorecards
Announcement blog
v2 blog
SLSA
Announcement blog
GitHub
SupplyChainSecurityCon
sigstore Slack channel
Priya Wadhwa on Twitter
Released:
Jul 23, 2021
Format:
Podcast episode
Titles in the series (100)
gVisor, with Nicolas Lacasse and Yoshi Tamura: Learn about gVisor from engineer Nicolas Lacasse and product manager Yoshi Tamura, as well as news from Microsoft and Red Hat's annual developer events. by Kubernetes Podcast from Google