OpenSSL Vulnerability with Ilkka Turunen
Podcast: Play in new window | Download
Subscribe: RSS
OpenSSL is a free, open-source cryptographic library that provides secure communications over computer networks. It’s widely used to implement the secure socket layer (SSL) and transport layer security (TLS) protocols, which are the basis for secure, encrypted connections on the internet.
On Oct 25th, the OpenSSL project informed its users of a critical vulnerability that affects the 3.0 and later versions of the OpenSSL component. In a twist to the usual formula, the project gave the world a week’s advance notice of the upcoming update, and various stakeholders prepared for this accordingly. In this episode, we sat down with Ilkka Turunen, Sonatype’s Field CTO; we discussed a wide range of topics, including the OpenSSL vulnerability, Shodan, SBOMs, Software Supply Chain and others.
Show Host – Jeff Hemmen
Sponsorship inquiries: sponsor@softwareengineeringdaily.com
Sponsors
This segment of Software Engineering Daily is brought to you by Privacy Dynamics, the simple solution for anonymizing data intelligently.
Development and testing environments are the number one source of costly data breaches. Privacy Dynamics creates a de-identified copy of your production data in minutes, allowing developers to maintain their velocity and improve testing without taking on unnecessary compliance and security risks.
Using a proprietary approach based on the latest research, Privacy Dynamics automatically detects and eliminates PII while maintaining the schema, format, scale, and analytical utility of the source data. With a simple integration into any data store, Privacy Dynamics anonymizes data in Postgres, MySQL, Snowflake, Big Query, S3 and more.
Are you letting sensitive PII land in development and testing environments? Eliminate the #1 threat of a data breach and start using de-identified data in your development and testing environments by signing up for a free account today at http://privacydynamics.io/
This episode is supported by AWS Insiders. AWS Insiders is an edgy, entertaining podcast about the services and future of cloud computing at AWS. In every episode, hosts Rahul Subramaniam and Hilary Doyle invite a top guest from the world of cloud computing to debate the most contentious topics in the industry — from the future of serverless to SQL versus noSQL , and from multi-cloud to locking in on a single cloud vendor. We think you should check it out! Search for AWS Insiders in your podcast player. Click here to get in on the fun.
You know when you’re working on a project and you leave behind a small reminder in the code – a code comment – to help others learn from your work? This podcast takes that idea by letting you listen in on two experienced technologists as they describe their building process.
There’s a lot of work required to bring a project from whiteboard to development, and none of us can do it alone.
The host, Burr Sutter, is a Red Hatter and lifelong developer advocate and community organizer. I checked out the deep learning episode of Code Comments, and I really appreciated Burr’s guidance through the conversation. The episode tackles a deep but fascinating topic. It covers use cases, realistic examples, and motivations for the relevant technology. I think their approach allows for easier contextualization of these significant topics in the coding space.
Search for Code Comments in your podcast player! You can check them out by clicking the link: https://link.chtbl.com/codecomments?sid=podcast.cloudengineering