Last updated at Wed, 13 Apr 2022 19:30:00 GMT
In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the open-source security projects she's working on, including the Zephyr project. They chat about strategies for dealing with bugs and vulnerabilities in today's complex tech landscape, including the much talked-about software bill of materials (SBOM), so we can reap the benefits of open source while avoiding the downsides as much as possible.
Stick around for our Rapid Rundown, where Tod and Jen talk about a recent piece of news in the open-source community: A developer used the "event-source-polyfill" npm package to write a piece of "protestware" decrying Russia's aggression in Ukraine. They also pay homage to healthcare cybersecurity stalwart Mike Murray, who recently passed away.
Kate Stewart
Kate Stewart works with the safety, security, and license compliance communities to advance the adoption of best practices into embedded open-source projects. With over 30 years of experience in the software industry, she has held a variety of roles and worked as a developer in Canada, Australia, and the US, and for the last 20 years she has managed international software development teams and activities. Kate was one of the founders of SPDX and is currently the specification coordinator. She is also the co-lead for the NTIA SBOM formats and tooling working group. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects among others, as well as supporting other embedded projects.
Show notes
Interview links
- Read Project Zephyr's blog post on Amnesia33.
- Get Linux's perspective on SBOM.
- Listen to our previous episode on SBOM with Josh Corman and Audra Hatch.
- Check out Zephyr's Renode dashboard.
- Learn about the Software Package Data Exchange (SPDX) specification from ISO.
Rapid Rundown links
- Read the story on the npm protestware.
- Peruse the issue logged against the project on GitHub.
- See Dark Reading's homage to Mike Murray.
- Watch Mike Murray talk about hiring hackers.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.
Disclaimer
Rapid7 Inc. published this content on 13 April 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 April 2022 19:44:10 UTC.