The New Stack Context: Two Views of Open Source Security
Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. This week we have two guests who discuss their experience with the challenges of securing open source software.
First, we talk to Frank Nagle, a professor at Harvard Business School and co-director of the Census II project to assess security practices in open source software components, in partnership with The Linux Foundation’s Core Infrastructure Initiative (CII). The report, “‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software,” attempts to understand the “structural and security complexities in the modern day supply chain where open source is pervasive but not always understood.” We discuss his findings, including the surprising state of under-management for most open source projects.
We also chat with Neeraj Poddar, Aspen Mesh co-founder and engineering lead who developed the fix for a recent vulnerability in the Istio service mesh project. We speak with Poddar about the challenges of quickly fixing a bug in an open source program when there are so many stakeholders, and how the work should be cordoned off until a public announcement is ready to be made.
We also discuss some of the more pertinent podcasts and news stories of late. We herald the return of fellow podcast TNS Analysts, and a conversation there about the developer experience with Kubernetes. We also have a spirited discussion about a Carnegie Mellon University researcher who debunks the myth of the 10x programmer. We delve into how companies such as Platform9 and Rancher Labs, and services like Google Cloud, are making Kubernetes easier to use. Finally, in the realm of artificial intelligence, we take a look at how a Deep Neural Network reconstructed a mysterious image hidden in a Picasso painting.
TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and publisher Alex Williams and TNS Managing Editor Joab Jackson.
Aspen Mesh and the Linux Foundation are sponsors of The New Stack.
Feature image: 17th Century French key, New York Metropolitan Museum of Art.