Technical interviews about software topics.
…
continue reading
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Похожие на The Changelog: Software Development, Open Source
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Become the best software developer you can be
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
Explore true stories of the dark side of the Internet with host Jack Rhysider as he takes you on a journey through the chilling world of hacking, data breaches, and cyber crime.
…
continue reading
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
))
Securing GitHub (Interview)
Manage episode 424437828 series 1282967
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
Разделы
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
762 эпизодов
Поделиться
Manage episode 424437828 series 1282967
Контент предоставлен Changelog Media. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Changelog Media или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
Разделы
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
762 эпизодов
Все серии
×
Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.
Похожие на The Changelog: Software Development, Open Source
Technical interviews about software topics.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
Become the best software developer you can be
…
continue reading
1
Software Engineering Radio - the podcast for professional software developers
se-radio@computer.org
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
…
continue reading
Explore true stories of the dark side of the Internet with host Jack Rhysider as he takes you on a journey through the chilling world of hacking, data breaches, and cyber crime.
…
continue reading
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
