The MonkCast

Chris DeMars on Patching and Security in the AI Era


Listen Later

RedMonk's Kate Holterhoff sits down with Chris DeMars, Senior Developer Advocate at TuxCare, for a conversation about patching in the AI era. Chris started writing code in Q Basic in the mid-90s and now spends his time at conferences explaining the JavaScript supply chain to people who'd rather not think about it: typosquatting, the Shai-Hulud worm, and getting locked out of his own VS Code editor at Vueconf. They get into why a Dockerfile that Claude wrote him pulled in an insecure version of Node, why most enterprise customers are nowhere near migrating off end-of-life software regardless of the modernization story being sold to them, and what rebootless live patching actually looks like once a CVE drops.

Show notes: https://redmonk.com/videos/chris-demars/

Chapters
00:00 Introduction and Background of Chris DeMars
02:59 The Role of Developer Advocacy in Security
05:52 JavaScript Ecosystem and Security Challenges
08:54 AI's Impact on Security Practices
11:42 Developers' Awareness of Security Issues
14:50 The Importance of Patching and CVEs
17:37 The Future of Security in Development
21:09 The Process of Fixing Vulnerabilities
24:01 Modernization vs. Legacy Systems
24:50 Engagement with the Open Source Community
26:45 Challenges for Open Source Maintainers
27:36 Enterprise vs. Smaller Companies
29:39 The Role of AI in Upgrading Systems
33:37 Compliance and Regulation Concerns
38:24 Understanding Live Patching
41:32 Closing Thoughts and Future Directions

...more
View all episodesView all episodes
Download on the App Store

The MonkCastBy RedMonk