in-toto, with Santiago Torres-Arias

When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? Santiago Torres-Arias is an Assistant Professor at Purdue University, the team lead of the in-toto project, and a contributor to The Update Framework. He joins Craig to talk security in both physical and software supply chains. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Don’t Forget The Lyrics Gettin’ Jiggy Wit It Explained on Genius Will Smith on Top Gear The Oscars thing (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records) He’s The Greatest Dancer by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic News of the week New Cisco Intersight Kubernetes features Red Hat OpenShift v4.10 ChaosNative acquired by Harness Azure PlayFab launches Thundernetes Episode 26, with Cyril Tovena and Mark Mandel Hacker News commentary Weave GitOps v2022-03 Qumulo for Kubernetes SpectroCloud raises $40m Pinterest: 99% to 99.9% SLO, high performance control plane Uber: Avoiding CPU throttling in a containerized environment Links from the interview in-toto The Update Framework Purdue University Elmore Family School of Electrical and Computer Engineering Purdue Boilermakers Open Source Software Senior Design Projects NYU Tandon School of Engineering Justin Cappos PolyPasswordHasher Episode 155, with Priya Wadhwa apt-secure for Debian packages A keysigning and a signed PGP key Farm to table attestation Potato tracking An example of E. coli in lettuce in-toto record Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack by Trevor Rosen, Solarwinds Reflections on Trusting Trust by Ken Thompson Secure Publication of Datadog Agent Integrations with TUF and in-toto US Executive Order on Improving the Nation’s Cybersecurity Readout of White House Meeting on Software Security sigstore in-toto is the second most used format for sigstore SPIFFE SLSA in-toto moves to incubation in the CNCF CFSSL Math rock Covet: “falkor” TTNG: +3 Awesomeness Repels Water Bird of the Year The kea Breaking a police car Santiago Torres-Arias on Twitter and at badhomb.re