The State of Security in the Octoverse with Maya Kaczorowski
How secure is your software? Carl and Richard talk to Maya Kaczorowski of GitHub about The State of the Octoverse Security Report - one of three annual reports from GitHub on how software is being built. Maya talks about how software vulnerabilities are found and fixed, including the striking statistic that vulnerabilities exist in code for four years on average before being detected! Also, the severity of a vulnerability doesn't seem to speed up how quickly it gets fixed - what does make a difference is automation. Automated build and deployment pipelines that include security analysis early in the process - those are the things that make our software safer!
Guests:
Maya Kaczorowski
Maya Kaczorowski is a Product Manager at GitHub in software supply chain security. She was previously in Security & Privacy at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises. She completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French. Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.
Links:
- Samsung Odyssey G9 https://www.samsung.com/us/computing/monitors/gaming/49--odyssey-g9-gaming-monitor-lc49g95tssnxza/
- Dependabot https://dependabot.com/
- The 2020 State of the Octoverse https://octoverse.github.com/
- kik, left-pad, and npm https://blog.npmjs.org/post/141577284765/kik-left-pad-and-npm
- OWASP Source Code Analysis Tools https://owasp.org/www-community/Source_Code_Analysis_Tools