Aaron and Brian talk with Randy Kilmon (VP of Engineering at @black_duck_sw)
about open source vulnerabilities, securing containers and managing the lifecycle of rapidly changing software.
- Topic 1 - Welcome to the show. Tell us a little bit about your background and your areas of focus at Black Duck Software.
- Topic 2 - For anyone that’s not familiar with Black Duck, what role does Black Duck play in looking at open source licensing vs. actively helping with security and vulnerabilities?
- Topic 3 - One of your areas of focus is containers and container security. Obviously containers are top of mind for lots of people. What’s the reality of container security and what are the areas where people should focus their attention?
- Topic 4 - Let’s talk about “pre-container” (developers) security vs. “post-container” security (operations). What are the “gates” applications should be going through, and where are people making mistakes today?
- Topic 5 - Can we talk about managing security in the container vs. security in the host?
- Topic 6 - We have a number of listeners that are going down a journey with containers, either directly (e.g. Docker) or via PaaS platforms (e.g. Cloud Foundry, OpenShift, etc.). What’s your guidance to them?