Episode description
When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
- Don’t Forget The Lyrics
- Gettin’ Jiggy Wit It
- Explained on Genius
- Will Smith on Top Gear
- The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records)
- He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic
- New Cisco Intersight Kubernetes features
- Red Hat OpenShift v4.10
- ChaosNative acquired by Harness
- Azure PlayFab launches Thundernetes
- Weave GitOps v2022-03
- Qumulo for Kubernetes
- SpectroCloud raises $40m
- Pinterest: 99% to 99.9% SLO, high performance control plane
- Uber: Avoiding CPU throttling in a containerized environment
- in-toto
- The Update Framework
- Purdue University
- NYU
- PolyPasswordHasher
- Episode 155, with Priya Wadhwa
- apt-secure for Debian packages
- A keysigning and a signed PGP key
- Farm to table attestation
- Potato tracking
- An example of E. coli in lettuce
- in-toto record
- Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds
- Reflections on Trusting Trust by Ken Thompson
- Secure Publication of Datadog Agent Integrations with TUF and in-toto
- US Executive Order on Improving the Nation’s Cybersecurity
- Readout of White House Meeting on Software Security
- sigstore
- SPIFFE
- SLSA
- in-toto moves to incubation in the CNCF
- CFSSL
- Math rock
- Bird of the Year
- Santiago Torres-Arias on Twitter and at badhomb.re