Google’s Andrew Pollock and Addressing Open Source Vulnerabilities

What's in the SOSS? An OpenSSF Podcast

Innehåll tillhandahållet av Omkhar Arasaratnam, OpenSSF and Omkhar Arasaratnam. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Omkhar Arasaratnam, OpenSSF and Omkhar Arasaratnam eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.

1M ago 12:16

MP3•Episod hem

Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.

00:52 - Andrew shares his background as a “mid-90s data nerd”
02:31 - Managing vulnerabilities in the open source ecosystem
03:57 - How to navigate inconsistent metadata
06:26 - The challenge of source attribution
07:54 - The rapid-fire round
09:15 - Andrew’s advice to open source developers
10:22 - Andrew’s call to action to developers

Episode links:

15 episoder

#Tech #Omkhar Arasaratnam, Open SSF #Omkhar Arasaratnam #Open SSF