EP131 A Deep Dive into Google's Assured OSS: How Google Secures the Software You Use
Cloud Security Podcast by Google · Anton A Chuvakin
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guests:
-
Himanshu Khurana, Engineering Manager, Google Cloud
-
Rahul Gupta, Product Manager for Assured OSS, Google Cloud
Topics:
-
For the software you're supporting in Assured Open Source your team discovered 50% of the CVEs reported in them this year. How did that happen?
-
So what is Assured Open Source?
-
Do we really guarantee its security? What does "guarantee" here mean?
-
What're users actually paying for here?
-
What's the Google magic here and why are we doing this?
-
Do we really audit all code and fuzz for security issues?
-
What's a supply chain attack and then we'll talk about how this is plugging into those gaps?
Resources:
-
"SBOMs: A Step Towards a More Secure Software Supply Chain" (ep116)
-
"Linking Up The Pieces: Software Supply Chain Security at Google and Beyond" (ep24)