Charlie Jones, Director of Product Management at ReversingLabs and subject matter expert in supply chain security, joins host Priyanka Raghavan to discuss tackling third-party software risks. They begin by defining different types of third-party software risks and then take a deep dive into case studies where third-party components and software have had cascading effects on downstream systems. They consider some frameworks for secure software development that can be used to evaluate third-party software and components – both as a publisher or as a consumer – and end by discussing laws and regulations with final advise from Charlie on how enterprises can tackle third-party software risks. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode is sponsored by WorkOS.

SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks

Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively listening experience. SE Radio is brought to you by the IEEE Computer Society and IEEE Software magazine.

Technology

Tech News

Podcasting

Gadgets

Software How-To

Education

Training

Language Courses

Higher Education

K-12

Educational Technology

Shachar Binyamin, CEO and co-founder of Inigo, joins host Priyanka Raghavan to discuss GraphQL security. They begin with a look at the state of adoption of GraphQL and why it's so popular. From there, they consider why GraphQL security is important as they take a deep dive into a range of known security issues that have been exploited in GraphQL, including authentication, authorization, and denial of service attacks with references from the OWASP Top 10 API Security Risks. They discuss some mitigation strategies and methodologies for solving GraphQL security problems, and the show ends with discussion of Inigo and Shachar's top three recommendations for building safe GraphQL applications. Brought to you by IEEE Software and IEEE Computer Society.

SE Radio 613: Shachar Binyamin on GraphQL Security

Eyal Solomon, CEO and co-founder of Lunar.dev, joins SE Radio’s Kanchan Shringi for a discussion on tooling for API consumption management. The episode starts by examining why API consumption management is an increasingly important topic, and how existing tooling on the provider side can be inadequate for client-side issues. Eyal talks in detail about issues that are unique to API consumers, before taking a deep dive into the evolution of middleware built by teams and companies to address these issues and the gaps. Finally they consider how Lunar.dev seeks to solve these issues, as well as Eyal's vision of lunar.dev as a open source platform. This episode is sponsored by WorkOS.

SE Radio 612: Eyal Solomon on API Consumption Management

Ines Montani, co-founder and CEO of Explosion, speaks with host Jeremy Jung about solving problems using natural language processing (NLP). They cover generative vs predictive tasks, creating a pipeline and breaking down problems, labeling examples for training, fine-tuning models, using LLMs to label data and build prototypes, and the spaCy NLP library.

SE Radio 611: Ines Montani on Natural Language Processing

Phillip Carter, Principal Product Manager at Honeycomb and open source software developer, talks with host Giovanni Asproni about observability for large language models (LLMs). The episode explores similarities and differences for observability with LLMs versus more conventional systems. Key topics include: how observability helps in testing parts of LLMs that aren't amenable to automated unit or integration testing; using observability to develop and refine the functionality provided by the LLM (observability-driven development); using observability to debug LLMs; and the importance of incremental development and delivery for LLMs and how observability facilitates both. Phillip also offers suggestions on how to get started with implementing observability for LLMs, as well as an overview of some of the technology's current limitations. This episode is sponsored by WorkOS.

SE Radio 610: Phillip Carter on Observability for Large Language Models

Rishi Singh, founder and CEO at Sapient.ai, speaks with SE radio’s Kanchan Shringi about using generative AI to help developers automate test code generation. They start by identifying key problems that developers are looking for in an automated test-generation solution. The discussion explores the capabilities and limitations of today’s large language models in achieving that goal, and then delves into how Sapient.ai has built wrappers around LLMs in an effort to improve the quality of the generated tests. Rishi also suggests how to validate the generated tests and outlines his vision of the future for this rapidly evolving area. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode is sponsored by WorkOS.

SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks

Download our free app to listen on your phone