In this episode, I sat down with Dustin Kirkland to discuss the critical topic of supply chain security and the innovative work being done at Chainguard. We delved into the concept of zero-CVE containers, exploring how this approach is revolutionizing container security. Dustin shared insights on modern supply chain threats, the importance of software bill of materials (SBOM), and practical strategies for maintaining secure container environments. The conversation covered both the technical challenges and solutions in today's rapidly evolving security landscape.

14 FEB • 2025 59 mins

In my conversation with Warren Houghton, he showed exactly how a penetration test unfolds: starting with scoping and permission paperwork, then moving into reconnaissance and tooling. He demonstrated how a tester uses Kali Linux alongside Nmap for port scanning, Metasploit for exploiting vulnerabilities, and Burp Suite for intercepting and manipulating web traffic. He also highlighted the risks of overlooked exposures—like a public .git directory or outdated WordPress plugins—and stressed how secure configurations and network segmentation can prevent lateral movement. Throughout, he emphasized the constant need for learning and vigilance against ever-evolving threats.

31 JAN • 2025 1 hour 1 min

In my conversation with Kate Stewart and Gary O'Neall, we explore the evolution and impact of SPDX in software transparency. From its origins in license compliance to its current role in security and vulnerability tracking, we unpack how this open standard is shaping modern software development practices. The discussion reveals fascinating insights into SBOM generation challenges and how SPDX 3.0 is being designed to meet the demands of today's CI/CD environments.

16 JAN • 2025 50 mins