In this episode, we sit down with Luke Hinds, CTO of Stacklok and creator of Sigstore, to learn from his extensive background in open source security. Luke shares insights into his journey and passion for security, highlighting the thrill of the 'cat and mouse' dynamics. He discusses Stacklok’s project, Minder, a software supply chain platform designed to streamline security while boosting developer productivity. Luke also touches on Trusty, another Stacklok initiative aimed at assessing the security risks of open source packages using data science. The conversation expands to the impact of AI on code contributions and developer identity, reflecting on the evolving dynamics in software development and security. Finally, Luke shares thoughts on the ongoing challenges and opportunities in bridging the gap between operations and engineering to maintain robust security in fast-paced development environments.
00:00 Introduction
02:29 Personal Reflections on Security
04:14 Introduction to Stacklok and Minder
05:02 Minder's Features and Capabilities
07:38 Target Audience and Use Cases for Minder
10:41 Balancing Security and Developer Productivity
13:00 The Importance of Seamless Security
13:52 Introduction to Trusty: Understanding Open Source Security Risks
14:45 Analyzing Malicious Packages and Developer Contributions
18:06 The Role of Developer Identity in Open Source Projects
19:20 AI's Impact on Code Development and Security
20:10 Challenges and Future Directions in Developer Identity
23:31 Concluding Thoughts and Future Conversations
Guest:Luke Hinds is the CTO of Stacklok. He is the creator of the open source project sigstore, which makes it easier for developers to sign and verify software artifacts. Prior to Stacklok, Luke was a distinguished engineer at Red Hat.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!