Justin Cormack on Integrating Security into Software Building
Semaphore Uncut · Semaphore CI/CD Weekly
Audio is streamed directly from the publisher (api.substack.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In this episode of Semaphore Uncut, Justin Cormack, Senior Security Engineer at Docker and member of the Technical Oversight Committee at CNCF, shares insights from the security industry. We talk about why it’s important to think about what could go wrong when building software, how hackers are now exploiting vulnerabilities before shipping your code to production, and what companies can really do and use to secure their products.
Key takeaways:
- Security – a matter of software quality
- The threat modeling practice – understanding the potential security threats
- Using the experience of experts
- Supply-chain security
- Security integration into CI/CD pipelines
- Important vs. overhyped practices in the security industry
About Semaphore Uncut
In each episode of Semaphore Uncut, we invite software industry professionals to discuss the impact they are making and what excites them about the emerging technologies.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit semaphoreio.substack.com