OAuth is an open standard for access delegation. It lets users grant websites or applications access to their information on other websites, but without giving away passwords. OpenID Connect is an identity layer on top of OAuth. Even if you haven’t programmed using OAuth and OpenID Connect, you’ve certainly used them for authentication on Google,

Corbado is an authentication platform that provides APIs for developers to replace passwords with passkeys such as Face ID or Touch ID. Vincent Delitz is a Co-Founder at Corbado and he joins the show to talk about the platform, the changing authentication landscape, the challenge of session management with passkeys, and more. Gregor Vand is

SimpleWebAuthn is an open source TypeScript-centric pair of libraries – frontend and backend – that make it easier for devs to implement WebAuthn on the web. Matthew Miller started the project in 2019 and it has grown in tandem with the popularization of WebAuthn. He joins the podcast today to talk about the history of

Security issues can often be traced back to small misconfigurations in a database or cloud service, or an innocent code commit. OpsHelm is a security platform that’s oriented around identifying and fixing these issues. Kyle McCullough is the Co-Founder and CTO of OpsHelm and he has deep experience in backend and data engineering. He joins

Software supply chain security is a major challenge in the modern engineering environment. Many teams are working to establish best practices to proactively identify, fix, and prevent risks in their applications. Apiiro is a platform designed to solve this problem and gives risk visibility, prioritization, and remediation. Yonatan Eldar is the Co-Founder and CTO at

Ransomware attacks involve the deployment of malware that blocks access to a user’s or organization’s computer files by encrypting them. The attackers then demand a ransom payment in exchange for the decryption key that will restore access to the files. These attacks are often directed at governments and corporations, and can be costly. Veeam is

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services. This was an example of

This episode of Software Engineering Daily is part of our on-site coverage of KubeCon 2023, which took place from November 6th through 9th in Chicago. In today’s interview, host Jordi Mon Companys speaks with Santiago Torres-Arias who is a contributor to Sigstore, which is a system to register software supply chain actors using federated identity

Available as a cloud service, Red Hat Trusted Software Supply Chain provides a DevSecOps framework to create applications more securely. Vincent Danen is the VP of Product Security at Red Hat and joins us in this episode. Red Hat has been a Secure Open Source software provider for very long. We discuss how the Red

The software supply chain refers to the process of creating and distributing software products. This includes all of the steps involved in creating, testing, packaging, and delivering software to end-users or customers. Socket is a new security company that can protect your most critical apps from supply chain attacks. They are taking an entirely new

Ian Coldwater is a DevSecOps engineer turned red teamer who specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. In their spare time, they like to go on cross-country road trips, capture flags, and eat a lot of pie. Ian lives in Minneapolis and tweets as @IanColdwater. This Interview was recorded at KubeCon Europe and

A SIEM platform provides organizations with a powerful tool for improving their security posture, by providing insights into potential security threats and enabling proactive security measures. Panther is a Cloud based security monitoring platform that helps teams detect and respond to security breaches quickly and intelligently. Jack Naglieri is the Founder and CEO of Panther

Cloud computing provides tools, storage, servers, and software products through the internet. Securing these resources is a constant process for companies deploying new code to their cloud environments. It’s easy to overlook security flaws because company applications are very complex and many people work together to develop them. Wyze Labs, for example, had millions of

Originally published on August 23, 2021. Application security is usually done with a set of tools and services known as SIEM – Security Information and Event Management. SIEM tools usually try to provide visibility into an organization’s security systems, as well as event log management and security event notifications.  The company Panther takes traditional SIEM

The JavaScript supply chain includes numerous vulnerabilities due to its expansive nature and the long dependency chains. Socket is a new security company that can protect your most critical apps from supply chain attacks. They are taking an entirely new approach to one of the hardest problems in security in a stagnant part of the

The software supply chain consists of packages, imports, dependencies, containers, and APIs. These different components each have unique security risks. To ensure the security of their software supply chain, many developers use tools to analyze and scan their infrastructure for vulnerabilities. Barak Schoster works at Bridgecrew, a DevSecOps cloud security platform. He joins the show

Snyk is a platform for security that started with open source scanning and has expanded into container security, infrastructure as code, and other products. Snyk is a simple product to use, but has hidden complexities that build large data structures to manage and scan code dynamically. In a previous episode we discussed the core Snyk

Everyone is becoming increasingly aware of supply chains for physical goods.  Software has its own supply chain.  A supply of open source solutions exists as does a demand for these solutions by industry.  Both have surely grown, but it would be nice to have a way of measuring by how much. The State of Software

Microservice architecture has become a ubiquitous design choice.  Application developers typically have neither the training nor the interest in implementing low-level security features into their software.  For this and many other reasons, the notion of a service mesh has been introduced to provide a framework for service-to-service communication. Today’s guest is Zack Butcher.  While working

Neural networks, in particular, deep neural networks have revolutionized machine learning.  Researchers and companies have pushed on the efficiency of every aspect of the machine learning lifecycle.  The impact of the trained models is particularly significant for computer vision and in turn for autonomous driving and security systems. In this episode, I interview Forrest Iandola,