Sign up to save your podcasts
Or
Share The Software Risk That Affects Everyone and How To Address It with Michael Winser and Jarek Potiuk
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Software Risk That Affects Everyone and How To Address It with Michael Winser and Jarek Potiuk
The security of open-source software is a growing concern, especially as dependencies and regulations become more complex, making it essential to understand how to manage software supply chains effectively.
In this episode, we sit down with Michael Winser, Co-Founder at Alpha-Omega and Security Strategy Ambassador at Eclipse Foundation, and Jarek Potiuk, Member of the Security Committee at the Apache Software Foundation, to discuss the challenges of securing Airflow’s dependencies, the evolving landscape of open-source security and how contributors can help strengthen the ecosystem.
Key Takeaways:
(02:43) Jarek quit his full-time engineer position and uses Airflow as a freelancer.
(04:32) Michael finds happiness in having meaningful work with open-source security.
(07:01) Software supply chain security focuses on correctness, integrity and availability.
(08:44) Airflow’s 790 dependencies present a unique security challenge.
(09:43) Airflow’s security team has significantly improved its vulnerability response.
(10:22) The transition to Airflow 3 emphasizes enterprise security readiness.
(16:20) The ‘Three Fs’ approach: fix it, fork it, or forget it.
(18:45) Dependency health is often more critical than fixing known vulnerabilities.
(23:32) The ‘Three Fs’ in action.
(26:26) Open-source contributors play a key role in supply chain security.
Resources Mentioned:
Michael Winser -
https://www.linkedin.com/in/michaelw/
Jarek Potiuk -
https://www.linkedin.com/in/jarekpotiuk/
Apache Airflow -
https://airflow.apache.org/
Apache Software Foundation | LinkedIn -
https://www.linkedin.com/company/the-apache-software-foundation/
Apache Software Foundation | Website -
https://www.apache.org/
Eclipse Foundation | LinkedIn -
https://www.linkedin.com/company/eclipse-foundation/
Eclipse Foundation | Website -
https://www.eclipse.org/org/foundation/
OpenSSF Working Groups -
https://openssf.org/community/openssf-working-groups/
Astronomer Roadshow: Exploring Apache Airflow 3 | London
https://www.astronomer.io/events/roadshow/london/
Astronomer Roadshow: Exploring Apache Airflow 3 | New York
https://www.astronomer.io/events/roadshow/new-york/
Astronomer Roadshow: Exploring Apache Airflow 3 | Sydney
https://www.astronomer.io/events/roadshow/sydney/
Astronomer Roadshow: Exploring Apache Airflow 3 | San Francisco
https://www.astronomer.io/events/roadshow/san-francisco/
Astronomer Roadshow: Exploring Apache Airflow 3 | Chicago
https://www.astronomer.io/events/roadshow/chicago/
Thanks for listening to “The Data Flowcast: Mastering Airflow for Data Engineering & AI.” If you enjoyed this episode, please leave a 5-star review to help get the word out about the show. And be sure to subscribe so you never miss any of the insightful conversations.
#AI #Automation #Airflow #MachineLearning
View all episodes
By Astronomer
5
2020 ratings
The security of open-source software is a growing concern, especially as dependencies and regulations become more complex, making it essential to understand how to manage software supply chains effectively.
In this episode, we sit down with Michael Winser, Co-Founder at Alpha-Omega and Security Strategy Ambassador at Eclipse Foundation, and Jarek Potiuk, Member of the Security Committee at the Apache Software Foundation, to discuss the challenges of securing Airflow’s dependencies, the evolving landscape of open-source security and how contributors can help strengthen the ecosystem.
Key Takeaways:
(02:43) Jarek quit his full-time engineer position and uses Airflow as a freelancer.
(04:32) Michael finds happiness in having meaningful work with open-source security.
(07:01) Software supply chain security focuses on correctness, integrity and availability.
(08:44) Airflow’s 790 dependencies present a unique security challenge.
(09:43) Airflow’s security team has significantly improved its vulnerability response.
(10:22) The transition to Airflow 3 emphasizes enterprise security readiness.
(16:20) The ‘Three Fs’ approach: fix it, fork it, or forget it.
(18:45) Dependency health is often more critical than fixing known vulnerabilities.
(23:32) The ‘Three Fs’ in action.
(26:26) Open-source contributors play a key role in supply chain security.
Resources Mentioned:
Michael Winser -
https://www.linkedin.com/in/michaelw/
Jarek Potiuk -
https://www.linkedin.com/in/jarekpotiuk/
Apache Airflow -
https://airflow.apache.org/
Apache Software Foundation | LinkedIn -
https://www.linkedin.com/company/the-apache-software-foundation/
Apache Software Foundation | Website -
https://www.apache.org/
Eclipse Foundation | LinkedIn -
https://www.linkedin.com/company/eclipse-foundation/
Eclipse Foundation | Website -
https://www.eclipse.org/org/foundation/
OpenSSF Working Groups -
https://openssf.org/community/openssf-working-groups/
Astronomer Roadshow: Exploring Apache Airflow 3 | London
https://www.astronomer.io/events/roadshow/london/
Astronomer Roadshow: Exploring Apache Airflow 3 | New York
https://www.astronomer.io/events/roadshow/new-york/
Astronomer Roadshow: Exploring Apache Airflow 3 | Sydney
https://www.astronomer.io/events/roadshow/sydney/
Astronomer Roadshow: Exploring Apache Airflow 3 | San Francisco
https://www.astronomer.io/events/roadshow/san-francisco/
Astronomer Roadshow: Exploring Apache Airflow 3 | Chicago
https://www.astronomer.io/events/roadshow/chicago/
Thanks for listening to “The Data Flowcast: Mastering Airflow for Data Engineering & AI.” If you enjoyed this episode, please leave a 5-star review to help get the word out about the show. And be sure to subscribe so you never miss any of the insightful conversations.
#AI #Automation #Airflow #MachineLearning
More shows like The Data Flowcast: Mastering Apache Airflow ® for Data Engineering and AI
View all
Freakonomics Radio
32,130 Listeners
The Joe Rogan Experience
228,019 Listeners
The Twenty Minute VC (20VC): Venture Capital | Startup Funding | The Pitch
533 Listeners
Software Engineering Daily
625 Listeners
Data Engineering Podcast
144 Listeners
Masters of Scale
3,986 Listeners
DevOps Paradox
25 Listeners
The Real Python Podcast
141 Listeners
All-In with Chamath, Jason, Sacks Friedberg
9,840 Listeners
SmartLess
58,236 Listeners
Hard Fork
5,466 Listeners
The Data Stack Show
13 Listeners
The Data Engineering Show
8 Listeners
The AWS Developers Podcast
23 Listeners
The Economics Show
140 Listeners