#277: Developers are often caught in a challenging position. They are keen to write code, innovate, hack, and build new things. However, when security measures are perceived as long, difficult, and cumbersome tasks, these essential protocols tend to be avoided or improperly implemented. The key is to balance the pursuit of creativity with the need for robust security.
The idea is simple yet profound: by ensuring that security tools are straightforward and user-friendly, developers are more likely to incorporate them into their workflow. This not only benefits the developer but also the entire organization by safeguarding the product from potential vulnerabilities.
In this episode, we talk with Luke Hinds, CTO of Stacklok, about how bridging the gap between development and security can lead to healthier, more secure software environments.
Luke Hinds, CTO of Stacklok, is a highly regarded and industry-recognized open source security leader and a former Distinguished Engineer at Red Hat. While at Red Hat, Luke led a security engineering team in the Office of the CTO, where open source projects such as enarx and keylime were built.
Luke founded Sigstore, an open source project that dramatically simplifies the process of digitally signing and checking software components, for a safer chain of custody tracing software back to the source. He currently acts as the chair of Sigstore’s technical steering committee.
Luke was part of the initial group who formed the OpenSSF, a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. He has served as an OpenSSF Governing Board Member and previously held a community-elected position on the foundation’s first Technical Advisory Council. Luke also manages the vulnerability bug bounty program for Kubernetes, and is a maintainer of the open source Python security tool Bandit.
Luke is widely considered the authority on open source supply chain security and is often invited to speak at events, including the RSA Conference, and to appear on various media shows.
Viktor Farcic is a member of the Google Developer Experts and Docker Captains groups, and a published author.
His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD).
He often speaks at community gatherings and conferences.
He has published The DevOps Toolkit Series, DevOps Paradox and Test-Driven Java Development.
His random thoughts and tutorials can be found in his blog TechnologyConversations.com.