Sign up to save your podcasts
Or
Share S4Ep9 - Open Source Integrity with Luke Hinds
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S4Ep9 - Open Source Integrity with Luke Hinds
DSO Overflow S4EP9
Open Source Integrity
with
Luke Hinds
In this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance.
Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale.
In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software within the CICD pipeline using a non-profit software cryptographic signing service. He talks about managing developer expectations and how security should enable software development. We briefly discuss the dangers of putting too much trust into AI and the data that supports GenAI models.
Resources mentioned in this podcast:
- Luke Hind's LinkedIn profile
- Stacklok on LinkedIn
- Stacklok's website
- sigstore on LinkedIn
- sigstore website
- slsa website
- Minder website
- Minder on GitHub
DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.
This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro
Your Hosts
Steve Giguere linkedin.com/in/stevegiguere
Glenn Wilson linkedin.com/in/glennwilson
Jessica Cregg linkedin.com/in/jessicacregg
View all episodes
By Glenn Wilson, and Steve GiguereDSO Overflow S4EP9
Open Source Integrity
with
Luke Hinds
In this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance.
Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale.
In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software within the CICD pipeline using a non-profit software cryptographic signing service. He talks about managing developer expectations and how security should enable software development. We briefly discuss the dangers of putting too much trust into AI and the data that supports GenAI models.
Resources mentioned in this podcast:
- Luke Hind's LinkedIn profile
- Stacklok on LinkedIn
- Stacklok's website
- sigstore on LinkedIn
- sigstore website
- slsa website
- Minder website
- Minder on GitHub
DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.
This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro
Your Hosts
Steve Giguere linkedin.com/in/stevegiguere
Glenn Wilson linkedin.com/in/glennwilson
Jessica Cregg linkedin.com/in/jessicacregg
More shows like DSO Overflow
View all
Darknet Diaries
7,843 Listeners