This is part two of our conversation with Kubernetes project cofounder Craig McLuckie, whose new company helps developers build safer software by validating where code came from and that it’s been properly maintained.
Ben and Ryan chat with Craig McLuckie, co-founder of the Kubernetes project and cofounder/CEO of Stacklok, which helps developers and open-source communities build safer, more secure software.
The home team chats with Alex Bovee, cofounder and CEO of identity access management company ConductorOne, about balancing security and productivity in developer workflows, why tech companies have shifted everything left, and the logic behind zero trust.
This affects the individual developer writing insecure code, the engineering team blindly trusting their dependencies, and the organization thinking that their best bet is to roll their own security controls.
Your ML model and AI-as-a-service apps might open new attack surfaces. Here's how to mitigate them.
OAuth2 is one of the most popular specifications for API authentication today, though wrapping your head around it can be a challenge.
Dynamic application security testing (DAST) can help catch security flaws in your code. And it can do it automatically in your build process.
On this home team episode of the podcast, Ben, Cassidy, and Matt talk about small computers, big nostalgia, and security flaws that you could script a truck through.
When the bots came for us, we strengthened our defenses. Here's what we learned about parrying a few DDoS attacks.
Security needs to move from an afterthought to a primary concern in software development. Here's what shifting left looks like for real-world developers.
The home team discusses pay equity at New Relic, Okta’s security SNAFU, and the AI creating “wildly good” generative art.
When the Log4j security issue was disclosed, developers came looking for answers. We took a look at our site data around it.
Are your TikTok confessions GDPR-compliant?
For this edition of Stack Overflow Knows, we did a deep dive into cybersecurity topics across Stack Overflow and Stack Exchange sites to spotlight trends and reflect on how conversations are evolving within the developer and technical community.
Magic links get you in the door safer than passwords.
We take a detailed look at a hacking incident that gave a user unauthorized access to our code and data.
In order to respond to threats, device designers must remotely update, which if implemented poorly, can provide another vector for attacks. In this post, dig into specifics related specifically to the over-the-air (OTA) software update framework in an enterprise setting.
From the Samy Worm to WannaCry, we chat about a decade worth of security snafus.
If you put a textbox on the Internet, someone will put spam in it. If you put a textbox on a site that gets millions of hits a day, lots of someones will put lots of spam in it. So Stack Exchange uses multiple layers to block all the spam coming in.
Copying and pasting can be dangerous, but then again, so can many aspects of software development when done incautiously. In this post, I’ll take a look at what code copying actually means for software development, what good code theft means, and the pitfalls of copying badly.
Open source software is becoming more and more popular. Here's how you can create a plan to ensure that your open source implementation is secure as well as effective.
Last week, we told you about research that found a number of security vulnerabilities in code snippets in Stack Overflow answers, and how some of those flaws had migrated into actual, real-live Github projects. Today, we’re following up on the top eight error types that research highlighted and suggesting ways to avoid making the same mistakes.
