Podcast: Open Source Security
Episode: Embedded Security with Paul Asadoorian
Pub date: 2025-05-05

Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the often-murky waters of embedded systems and the Internet of Things (IoT), sparked by a specific vulnerability discussion on Paul's show concerning reference code for the popular ESP32 microcontroller.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-embedded-security-with-paul-asadoorian/
Topics covered in this episode:
- Open Source Myths
- uv 0.3.0 and all the excitement
- Top pytest Plugins
- A comparison of hosts / providers for Python serverless functions (aka FaaS)
- Extras
- Joke

Watch on YouTube

About the show

Sponsored by us! Support our work through:
- Our courses at Talk Python Training
- pytest courses and community at PythonTest.com
- Patreon Supporters

Connect with the hosts
- Michael: @mkennedy@fosstodon.org
- Brian: @brianokken@fosstodon.org
- Show: @pythonbytes@fosstodon.org

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: Open Source Myths
- Josh Bressers Mastodon post kicking off a list of open source myths
- Feedback and additional myths compiled to a doc
- Some favorites:
  - All open source developers live in Nebraska
  - It's all run by hippies
  - Everything is being rewritten in Rust
  - Features are planned
  - If the source code is available, it's open source
  - A project with no commits for 12 months is abandoned
  - Many eyes make all bugs shallow
  - Open source has worse UX
  - Open source has better UX
  - Open source makes you rich

Michael #2: uv 0.3.0 and all the excitement
- Thanks to Skyler Kasko and John Hagen for the emails.
- Additional write up by Simon Willison
- Additional write up by Armin Ronacher
- End-to-end project management: uv run, uv lock, and uv sync
- Tool management: uv tool install and uv tool run (aliased to uvx)
- Python installation: uv python install
- Script execution: uv can now manage hermetic, single-file Python scripts with inline dependency metadata based on PEP 723.

Brian #3: Top pytest Plugins
- Inspired by (and assisted by) Hugo's Top PyPI Packages
- Write up for Finding the top pytest plugins
- BTW, pytest-check has made it to 25.
- Same day, Jeff Triplett throws my code into Claude 3.5 Sonnet and refactors it
- Thanks Jeff Triplett & Hugo for answering how to add Summary and other info

Michael #4: A comparison of hosts / providers for Python serverless functions (aka FaaS)
- Nice feature matrix of all the options, frameworks, costs, and more
- The WASM ones look particularly interesting to me.

Extras

Brian:
- When is the next live episode of Python Bytes? - via arewemeetingyet.com
- Thanks to Hugo van Kemenade
- Some more cool projects by Hugo:
  - Python Logos
  - PyPI Downloads by Python version for various Python tools, in pretty colors
  - Python Core Developers over time

Michael:
- Code in a Castle Course event - just a couple of weeks left
- Ladybird: A truly independent browser
- “I'm also interested in your video recording setup, would be nice to have that in the extras too :D”
  - OBS Studio
  - Elgato Streamdeck
  - Elgato Key light
  - DaVinci Resolve

Joke: DevOps Support Group via Blaise
- Hi, my name is Bob
- Group: Hi Bob
- It's been 42 days since I last ssh'd into production.
- Group: Applause
- But only 4 days since I accidentally took down the website
- Someone in back: Oh Bob…
Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at times, such as:
- Mitre Att&ck - Don't get me wrong, this is a great project and Adam and team are doing a great job. However, it's not a complete picture as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.
- CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE; how are you tracking, assessing risk, and patching these?
- CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency: just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited, as it is not just a binary "yes, it's exploited" or "no, it is not"?
- EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?
This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, More CNAs, and the last thing Flint Michigan needed was a ransomware attack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-840
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxel NAS devices are under attack and the exploit is pretty simple, a new UEFI vulnerability with a name that some people don't like, that time you set up a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootloader, the Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-833
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Show Notes: https://securityweekly.com/psw-833
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/ Josh's Latest post: https://opensourcesecurity.io/2024/06/03/why-are-vulnerabilities-out-of-control-in-2024/ Josh's podcasts: https://opensourcesecurity.io/category/podcast/ https://hackerhistory.com/ This week: Take on the upstream, how hard is it to patch end-of-life software, hack millions of routers, take over millions of routers, 0-days, and no responses, hack Taylor Swift wristbands, can you detect that covert channel?, and breach reports from Ticketmaster, Snowflake, Santander, and TikTok, and top it all off with C-level DNS servers dropping off the Internet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-831
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/ Josh's Latest post: https://opensourcesecurity.io/2024/06/03/why-are-vulnerabilities-out-of-control-in-2024/ Josh's podcasts: https://opensourcesecurity.io/category/podcast/ https://hackerhistory.com/ Show Notes: https://securityweekly.com/psw-831
- First off, for folks that don't know you, can you give them a brief overview of your background/organizations?
- Josh, let's start with you. Can you explain some of what is going on with the drama around NVD and what happened that caught everyone's attention?
- Dan - I know you've raised concerns around the implications for the community when it comes to the lack of CVE enrichment, how do you see this impacting the vulnerability management ecosystem?
- Josh - Your team has started providing some accompanying resources to try and address the gap, can you tell us a bit about that?
- Dan - You've spun up an open letter to Congress and have kicked off a bit of a grass roots effort to raise awareness around the problem. How is it going so far and what are you hoping to accomplish with the letter?
- Why do you both think this is such a big deal, and how can something so critical to the entire software ecosystem be so underfunded, overlooked and taken for granted?
- What are some things you all hope to see in the future to resolve this, both from NIST/NVD and the Government but also from industry as well?
The open source software ecosystem has always faced tough challenges related to community, governance, and scalability. More than ever before, much conversation about open source struggles is devoted to the security of the software supply chain, especially when considering the unique challenges of a distributed, often anonymous, community-based development team. Josh Bressers, VP of Security at Anchore, fellow podcaster and OpenSSF volunteer, joins us to talk about why, despite these challenges, open source isn't broken and how to address the very human aspects of open source security and communities.

Resources:
- Avoiding the success trap: Toward policy for open-source software as infrastructure
- I am not a supplier
- All About SBOMs: The Software Bill of Materials
- Open Source: The Nerd Version of Formula One
- XKCD: Dependency

Guest: Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Josh is the co-lead of the OpenSSF SBOM Everywhere project and co-hosts the Open Source Security Podcast and the Hacker History Podcast. He also is the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.
We are joined by Josh and Kurt from the amazing Open Source Security Podcast! We're talking about supply chain risks, threats and vulnerabilities in this segment! Segment Resources: https://opensourcesecurity.io/ This week in the Security News: When you just wanna hurl, malicious containers, FCC bans stuff, these are not the CVEs you're looking for, Linux password mining, mind the gap, hacking smart watches, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw765
We are joined by Josh and Kurt from the amazing Open Source Security Podcast! We're talking about supply chain risks, threats and vulnerabilities in this segment! Segment Resources: https://opensourcesecurity.io/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw765
- Chris: To start us off, why do you think OSS and the software supply chain are now beginning to get so much attention, despite being widely used for years now?
- Chris: When it comes to OSS, any thoughts on how we balance security while also not stifling the innovative creative environment that is the OSS ecosystem?
- Nikki: On one of your recent podcast episodes, you discussed how open source can be unfair, whether that's to users or to developers. Can you break that down a little bit for our audience?
- Nikki: I think there are a lot of valuable lessons from the past that inform future trends. What would you say some of the top emerging trends are around open-source software - what should we be concerned about today versus a year from now?
- Chris: What are your thoughts on the current state of Vulnerability Databases? We know you have some strong opinions and have been involved in an effort titled the Global Security Database with CSA - can you tell us a bit about that and why it is needed?
- Chris: Do you think the emerging frameworks such as NIST 800 161 R1, SSDF, SLSA etc. are going in the right direction?
- Chris: We couldn't let you go without discussing SBOM. What are your thoughts on the current state and direction of both SBOM and VEX? Do you think this increased level of transparency and granularity of vulnerabilities will be something most organizations can manage successfully?
- Nikki: You have 341 episodes of your podcast - can you talk a little bit about why you wanted to get into podcasting? And also if you have any tips or advice for anyone who wants to start their own podcast?
- Nikki: One of the major areas I don't hear being discussed around open source software is the 'human factor'. I see the integration of open source software as alleviating some of the mental workloads and information processing for developers and teams, but may also introduce other concerns. How do you feel about the human factor around OSS?
Upstream: The Software Supply Chain Security Podcast presented by Anchore
In this episode, John Yeoh, Global Vice President of Research at Cloud Security Alliance, joins hosts Kim Weins and Josh Bressers to discuss the state of security in the cloud and how to solve supply chain pain points like misconfigurations, zero trust, and transparency. They explore the need to align best practices and how the Global Security Database initiative is working to unify vulnerability data disclosure across the industry.
In this episode, Matt Huston, CISO of the Platform One program in the United States Air Force, joins Kim Weins and Josh Bressers to discuss how the USAF is innovating with modern DevSecOps practices while meeting exacting government standards. They dive into how software factories within the U.S. Department of Defense are leveraging the same practices followed by industry leaders to dramatically speed up the delivery of secure software.
In this episode, Kim Weins and Josh Bressers engage Stephen O'Grady, co-founder and principal analyst at RedMonk, on how improving the developer experience can pay dividends for security up and down the software supply chain.
In this episode, Neil Levine of Anchore joins Kim Weins and Josh Bressers to discuss the power of SBOMs. They explore practical first steps for using SBOMs and how they can improve software supply chain security starting today.
Steve Lasker of Microsoft joins the show and talks with host Kim Weins and Josh Bressers about how the software ecosystem will generate and use SBOMs. He reveals the challenge of giant SBOMs and how Microsoft is providing transparency to customers about the components in their software.
In this episode, Bren Briggs of Hypergiant joins host Kim Weins and Josh Bressers to discuss software supply chain issues that keep them up at night. They touch on SBOMs as an inventory tool, DevSecOps by definition and the practice of software supply chain management.
On this inaugural episode of the show, veteran security leader and world-famous podcaster Josh Bressers joins host Kim Weins to discuss the log4j security vulnerability and the way forward in preparation for the next zero-day attack.
Poor security and reliability practices can cause outages that affect millions of people. It is time for security to become part of the DevOps movement, because once we live in a DevSecOps world, we can let our creativity run free to improve it. Teams used to find one vulnerability a month. Today, software development moves quickly thanks to agile processes and DevOps teams, and Vincent Danen explains how that has led to a drastic increase in vulnerabilities. Jesse Robbins, the former master of disaster at Amazon, explains how companies now prepare for catastrophic failures and problems. And Josh Bressers, head of product security at Elastic, looks at the future of security in technology. We can't treat security teams as if they were bad-tempered grouches. Listen to the podcast to find out how DevSecOps teams bring heroes together and improve security.
Even though Josh Bressers says that security itself is meant to be boring, there are no dull moments when discussing the evolution of the world of cybersecurity, especially because security is truly a never-ending journey. Josh leads the Product Security Group at Elastic, and in his previous role at Red Hat he was a Cybersecurity Strategist & Product Manager, leading the security strategy in Red Hat's Platform Business Unit.

On this episode of Future of Tech, Josh dives into every corner of the cybersecurity world, including how working in open source has finally emerged as the winner in the world of tech and what that means from a security standpoint. He also discusses how artificial intelligence is taking on a more important role in security operations, especially as more and more people are working from home. Plus, a look at the history of DevSecOps and where that part of the industry is headed in a more digitally-connected world and the inside scoop on how hackers are attacking businesses today and what to do to turn them away. Enjoy this episode!

Main Takeaways:
- Good and Bored: Ideally, security within businesses should be boring. When cybersecurity is done correctly, no one should know about what is happening and operations should run smoothly.
- Bring in the Bots: Although A.I. has been somewhat of a white whale in the world of technology, in terms of security, there are actual applications and use cases that prove A.I. is a beneficial tool. Especially as more people have moved to working from home, having bots scan through the security protocols, logins and other logs to flag suspicious activity has become more important than ever, and it is a job only a bot can do effectively.
- Grab and Go: Hackers today are much more opportunistic than they were in the past. When hackers attack today, they go big and try to get as much data as they can in one fell swoop. Crime is becoming a business, and companies need to protect against widespread data hacks more today than ever before.

---

Future of Tech is brought to you by Amdocs Tech. Amdocs Tech is Amdocs's R&D and technology center, paving the way to a better-connected future by creating open, innovative, best-in-class products and continuously evolving the way we work, learn and live. To learn more about Amdocs Tech, visit the Amdocs Technology page on LinkedIn.
In the news: Elastic Common Schema, 7.0.0-beta1, .NET APM clients, Go clients, oh my! Aaron talks with Josh Bressers (@joshbressers) about his unique pastime, ingesting the Bitcoin Ledger into the Elastic Stack and searching for cake recipes. Mike tells us the difference between different Elasticsearch node types. Links and additional notes found at https://theelasticast.com/episodes/0013-bitcoin/
Bad security and reliability practices can lead to outages that affect millions. It’s time for security to join the DevOps movement. And in a DevSecOps world, we can get creative about improving security. Discovering one vulnerability per month used to be the norm. Now, software development moves quickly thanks to agile processes and DevOps teams. Vincent Danen tells us how that’s led to a drastic increase in what’s considered a vulnerability. Jesse Robbins, the former master of disaster at Amazon, explains how companies prepare for catastrophic breakdowns and breaches. And Josh Bressers, head of product security at Elastic, looks to the future of security in tech. We can’t treat security teams like grumpy boogeymen. Hear how DevSecOps teams bring heroes together for better security. These changes mean different things for everyone involved, and we’d love to hear your take. Drop us a line at redhat.com/commandlineheroes, we're listening...
Enjoy this conversation with Josh Bressers, product security at Elastic and former colleague at Red Hat. Josh answers my questions about password management, general computer security and what matters (or doesn't) in today's predominantly online world. The post Practical Password Security with Josh Bressers (48) appeared first on John Poelstra.
This week Dave and Josh Bressers pregame Red Hat Defense in Depth 2016!

- October 6: Red Hat Defense in Depth
- Josh’s secure supply chain talk
- USBGuard
- Josh’s Red Hat security roadmap talk w/public sector spin
- Steve Grubb on application whitelisting with fapolicyd (File Access Policy Daemon)
- Robin Price and Martin Preisler’s OpenSCAP lab
- Lucy Kerner on compliance automation with OpenSCAP, Ansible, Satellite, and CloudForms
- Dan Walsh on container security w/coloring books
- Subscribe to Josh and Kurt Seifried’s new podcast: Open Source Security Podcast

We Give Thanks
- Josh Bressers for being our special guest star!

Special Guest: Josh Bressers.
This week, Gunnar talks to Josh Bressers, Security Strategist for Red Hat Enterprise Linux, about how product security teams work, the difference between engineering and product management, and how he became the change he wanted to see in the world.

- Start here for Red Hat security.
- Everything you needed to know about Red Hat Security Advisories.
- A staggering amount of security response data from Mark Cox’s team.
- The 2004 Red Hat Security phishing scam.
- Red Hat Insights
- OpenSCAP in Satellite and CloudForms

Special Guest: Josh Bressers.
Josh Bressers, for 12 years now, has been the quiet, unassuming security hero at Red Hat, working with the Security Response Team to build common sense practices and polished security processes into the operating system Red Hat Enhanced Linux (RHEL), and all derivative products in the virtualisation space (RHEV), and our products in middleware, storage and now containers and the cloud. He is presenting at RSA Conference on Friday as well as talking at the Red Hat security breakfast on Wednesday this week here in San Francisco. It's overdue that I put a microphone in front of him. This is what happens when you put two security geeks in that position.
This week Dave talks with Josh Bressers, Trevor Quinn, Bob St. Clair, and Dan Walsh about DevOpsSec!

- 2015 Defense in Depth
- @RedHatGov blog coverage:
  - Defense in Depth pregame: Defense in Depth Event Will Bring Red Hat Summit’s Security Focus to the Beltway
  - Defense in Depth panel postgame: DevOps: A Timely Solution to a Timeless Challenge
- Dan Walsh refresher on container security

We Give Thanks
- Josh Bressers, Trevor Quinn, Bob St. Clair, and Dan Walsh for being our special guest stars!
- Alex Tinsley for choreographing a most excellent Defense in Depth!