Software Engineering Radio - the podcast for professional software developers

Dan Lorenc, CEO of Chainguard, a software supply chain security company, joins SE Radio editor Robert Blumen to talk about software supply chain attacks. They start with a review of software supply chain basics; how outputs become inputs of someone else's supply chain; techniques for attacking the supply chain, including compromising the compilers, injecting code into installers, dependency confusion, and typo squatting. They also consider Ken Thompson's paper on injecting a backdoor into the C compiler. The episode then considers some well-known supply chain attacks: researcher Alex Birsan's dependency confusion attack; the log4shell attack on the Java Virtual Machine; the pervasiveness of compilers and interpreters where you don't expect them; the SolarWinds attack on a network security product; and CodeCov compromising the installer with code to insert exfiltration of environment variables into the installer. The conversation ends with some lessons learned, including how to protect your supply chain and the challenge of dependencies with modern languages.

Andy Dang, Head of Engineering at WhyLabs discusses observability and data ops for AI/ML applications and how that differs from traditional observability. SE Radio host Akshay Manchale speaks with Andy about running an AI/ML model in production and how...

Eddie Aftandilian, Principal researcher at GitHub discusses GitHub copilot and how it can improve developer productivity with host Priyanka Raghavan. The discussion explores various subtopics such as the history of copilot, how it can improve developer...

Peter Wyatt, CTO at PDF Association and project co-Leader of ISO 32000 (the core PDF standard), Duff Johnson CEO at PDF Association and ISO Project co-Leader and US TAG chair for both ISO 32000, discuss the 30 years' history of PDF, how to make a PDF...

Xe Iaso of Tailscale discusses how a VPN can be a useful tool when building software. SE Radio host Jeremy Jung spoke with Iaso about what VPNs are, onboarding, access control, authentication in the network vs individual services, peer-to-peer vs...

Tanmai Gopal, CEO of Hasura.io, joined SE Radio host Jeff Doolittle for a conversation about GraphQL. They discussed the history and rationale behind the original conception of GraphQL, as well as some of the use cases it is best suited for...

Jeff Perry, career coach with experience in multiple engineering and technology fields discusses how software engineers can be intentional and proactive in evaluating and pursuing career options, with host Kanchan Shringi.

Jonathan Shariat, coauthor of the book Tragic Design, discusses harmful software design. SE Radio host Jeremy Jung speaks with Shariat about how poor design can kill in the medical industry, accidentally causing harm with features meant to bring joy...

Adrian Kennard and Kevin Hones, Founders of FireBrick routers and firewalls, discuss how to design, build, test and support a hardware router and network operating system from scratch, while sharing the lessons learned. You'll also learn that in certain..

Brian Campbell, Distinguished Engineer at Ping Identity discusses cryptographic defences against stolen tokens for the OAUTH2 protocol with host Priyanka Raghavan. The discussion explores various subtopics such as the history of Proof of possession...