In my conversation with Kate Stewart and Gary O'Neall, we explore the evolution and impact of SPDX in software transparency. From its origins in license compliance to its current role in security and vulnerability tracking, we unpack how this open standard is shaping modern software development practices. The discussion reveals fascinating insights into SBOM generation challenges and how SPDX 3.0 is being designed to meet the demands of today's CI/CD environments.

16 JAN • 2025 50 mins

I explore the technical depths of ZFS and FreeBSD with Allan Jude, diving into everything from filesystem architecture to operating system development. From copy-on-write design to advanced storage capabilities, we unpack what makes these technologies crucial for modern infrastructure.

01 DEC • 2024 1 hour 18 mins

I dive into the world of GPS systems and maritime security with Ken Munro, exploring the vulnerabilities in critical infrastructure. We discuss everything from different types of GPS systems to the alarming ease of compromising ships remotely. Ken shares eye-opening insights from his penetration testing experience and the implications for global security.

03 NOV • 2024 1 hour 4 mins

I explore the changing landscape of authentication with Massi Gori, diving into practical applications of FIDO2 and modern security solutions. We discuss how technologies like passkeys, OpenSSH certificates, and Vault are reshaping enterprise security, with real-world examples from Massi's extensive experience.

03 NOV • 2024 1 hour 4 mins

I explore the evolving world of software security and compliance with Steve Springett, diving into how SBOMs and CycloneDX are reshaping how we track and secure our software supply chains. We discuss practical approaches to implementing these tools and the real impact they're having on enterprise security.

20 OCT • 2024 1 hour 12 mins