Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

Update: 2024-11-26

Description

CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”

00:48 - Jack and Zach share their backgrounds
02:59 - What package repositories are and why they’re important to open source users
04:17 - The positive impact package security has on downstream users
07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document
11:18 - Future endeavors of the Securing Software Repositories Working Group
17:32 - Jack and Zach answer CRob’s rapid-fire questions
19:31 - Advice for those entering the industry
21:28 - Jack and Zach share their calls to action

Episode links:

Comments

In Channel

Secure Software Starts with Awareness: Education & Open Source with the Council of Daves

2025-04-2224:46

Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts

2025-09-0930:19

Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives

2025-08-2614:59

Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

2025-08-1225:30

From Compliance to Community: Meeting CRA Requirements Together

2025-07-2931:44

Building India's Open Source Security Community: From Developer Nation to Security Champions

2025-07-1518:46

From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community

2025-07-0129:49

Bridging DevOps and Security: Tracy Reagan on the Future of Open Source

2025-06-1720:04

Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes

2025-06-0319:49

Cybersecurity Framework Launch

2025-05-2020:45

Scaling Security: Inside the GitHub Securing Open Source Software Fund

2025-05-1326:48

Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter

2025-05-0621:13

Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF

2025-04-1511:25

JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale

2025-04-0817:49

Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding

2025-03-2517:18

OpenSSF 2025 MVVSR Overview

2025-03-1126:56

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain

2025-01-0721:06

Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects

2024-12-1716:47

Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security

2024-12-1027:15

Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

2024-11-2623:44

00:00

1.0x

Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

#box-pro-ellipsis-175860565855344{-webkit-line-clamp:2;}Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

OpenSSF

Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security