Last updated at Wed, 11 May 2022 14:41:31 GMT
In this episode of Security Nation, Jen and Tod chat with Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation, about the open-source security projects she’s working on, including the Zephyr project. They chat about strategies for dealing with bugs and vulnerabilities in today's complex tech landscape, including the much talked-about software bill of materials (SBOM), so we can reap the benefits of open source while avoiding the downsides as much as possible.
Stick around for our Rapid Rundown, where Tod and Jen talk about a recent piece of news in the open-source community: A developer used the “event-source-polyfill” npm package to write a piece of “protestware” decrying Russia’s aggression in Ukraine. They also pay homage to healthcare cybersecurity stalwart Mike Murray, who recently passed away.
Kate Stewart works with the safety, security, and license compliance communities to advance the adoption of best practices in embedded open-source projects. With over 30 years of experience in the software industry, she has held a variety of roles, worked as a developer in Canada, Australia, and the US, and for the last 20 years has managed international software development teams and activities. Kate was one of the founders of SPDX and is currently its specification coordinator. She is also the co-lead of the NTIA SBOM formats and tooling working group. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, among others, and supports other embedded projects.
- Read the Zephyr Project’s blog post on AMNESIA:33.
- Get the Linux Foundation’s perspective on SBOM.
- Listen to our previous episode on SBOM with Josh Corman and Audra Hatch.
- Check out Zephyr’s Renode dashboard.
- Learn about the Software Package Data Exchange (SPDX) specification from ISO.
Rapid Rundown links
- Read the story on the npm protestware.
- Peruse the issue logged against the project on GitHub.
- See Dark Reading’s homage to Mike Murray.
- Watch Mike Murray talk about hiring hackers.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.