Sveriges mest populära poddar

Open Source Security

Episode 410 - Package identifiers are really hard

32 min•8 januari 2024

Josh and Kurt talk about package identifiers. We break this down in the context of an OpenSSF response to a CISA paper on software identifications. The identifiers that get all the air time are purl, CPE, SWID, and OmniBOR. This is a surprisingly complex problem space. It feels easy, but it's not.

Show Notes

Fler avsnitt av Open Source Security

AIBOM, CBOM, and HBOM with Allan Friedman

29 juni•35 min

Packagist and Composer security with Jordi Boggiano

22 juni•35 min

Sustaining Open VSX with Mike and Thabang

15 juni•37 min

Hacking your CI/CD with François Proulx

8 juni•36 min

Open source verification with Sal Kimmich

1 juni•32 min

Vulnerability disclosure with Casey Ellis

25 maj•38 min

F-Droid the open app store with Hans

18 maj•37 min

Open source is critical infrastructure with Kat Cosgrove

11 maj•38 min

How to actually test a disaster plan with David Bernstein

Open Source Pledge with Vlad-Stefan Harbuz

27 apr.•35 min

Open Source Security med Josh Bressers finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.