
Sign up to save your podcasts
Or


RedMonk's Kate Holterhoff sits down with Chris DeMars, Senior Developer Advocate at TuxCare, for a conversation about patching in the AI era. Chris started writing code in Q Basic in the mid-90s and now spends his time at conferences explaining the JavaScript supply chain to people who'd rather not think about it: typosquatting, the Shai-Hulud worm, and getting locked out of his own VS Code editor at Vueconf. They get into why a Dockerfile that Claude wrote him pulled in an insecure version of Node, why most enterprise customers are nowhere near migrating off end-of-life software regardless of the modernization story being sold to them, and what rebootless live patching actually looks like once a CVE drops.
Show notes: https://redmonk.com/videos/chris-demars/
Chapters
00:00 Introduction and Background of Chris DeMars
02:59 The Role of Developer Advocacy in Security
05:52 JavaScript Ecosystem and Security Challenges
08:54 AI's Impact on Security Practices
11:42 Developers' Awareness of Security Issues
14:50 The Importance of Patching and CVEs
17:37 The Future of Security in Development
21:09 The Process of Fixing Vulnerabilities
24:01 Modernization vs. Legacy Systems
24:50 Engagement with the Open Source Community
26:45 Challenges for Open Source Maintainers
27:36 Enterprise vs. Smaller Companies
29:39 The Role of AI in Upgrading Systems
33:37 Compliance and Regulation Concerns
38:24 Understanding Live Patching
41:32 Closing Thoughts and Future Directions
By RedMonkRedMonk's Kate Holterhoff sits down with Chris DeMars, Senior Developer Advocate at TuxCare, for a conversation about patching in the AI era. Chris started writing code in Q Basic in the mid-90s and now spends his time at conferences explaining the JavaScript supply chain to people who'd rather not think about it: typosquatting, the Shai-Hulud worm, and getting locked out of his own VS Code editor at Vueconf. They get into why a Dockerfile that Claude wrote him pulled in an insecure version of Node, why most enterprise customers are nowhere near migrating off end-of-life software regardless of the modernization story being sold to them, and what rebootless live patching actually looks like once a CVE drops.
Show notes: https://redmonk.com/videos/chris-demars/
Chapters
00:00 Introduction and Background of Chris DeMars
02:59 The Role of Developer Advocacy in Security
05:52 JavaScript Ecosystem and Security Challenges
08:54 AI's Impact on Security Practices
11:42 Developers' Awareness of Security Issues
14:50 The Importance of Patching and CVEs
17:37 The Future of Security in Development
21:09 The Process of Fixing Vulnerabilities
24:01 Modernization vs. Legacy Systems
24:50 Engagement with the Open Source Community
26:45 Challenges for Open Source Maintainers
27:36 Enterprise vs. Smaller Companies
29:39 The Role of AI in Upgrading Systems
33:37 Compliance and Regulation Concerns
38:24 Understanding Live Patching
41:32 Closing Thoughts and Future Directions