InfoQ Homepage Software Supply Chain Content on InfoQ

Podcasts

RSS Feed

Newer Older

About this Podcast

Intended for architects and senior developers.

Architecture & Design

How SBOMs and Engineering Discipline Can Help You Avoid Trivy’s Compromise

Viktor Peterson, part of the CISA task force working on SBOM blueprints and co-founder of sbomify, explores the shifting landscape of software supply chain security as the EU's Cyber Resilience Act (CRA) comes into force, a "GDPR moment" for the industry.

Viktor Peterson
on Apr 13, 2026

Icon

37:43
Architecture & Design

Andres Almiray on How to Release Any Software to Any OS with JReleaser

Andres Almiray, a serial open-source contributor and the creator of JReleaser, discusses the project's state, noting that the tool is usable across any ecosystem, not just Java. He also touches on the Common House Foundation's mission.

Andres Almiray
on Mar 16, 2026

Icon

31:33
Java

The Hidden Vulnerability of the Open Source Software Supply Chain: the Underlying Infrastructure

Software supply chain veteran Brian Fox unpacks the security implications of the new EU Cyber Resilience Act and its profound impact on open-source projects. He reveals the hidden infrastructure risks threatening open-source projects and shares insights for senior software leaders navigating this regulatory landscape.

Brian Fox
on Sep 29, 2025

Icon

41:48
Sponsored Content by

Icon
DevOps

Implement the EU Cyber Resilience Act's Requirements to Strengthen Your Software Project

Eddie Knight, OSPO lead at Sonatype, discusses how the EU Cyber Resilience Act can help with improving your software project’s security and in the same time to slow down the alarming acceleration of software supply chain attacks.

Eddie Knight
on Apr 21, 2025

Icon

40:38
AI, ML & Data Engineering

Generally AI Episode 4: Sold out!

In this episode of Generally AI, Meertens and Alford explore the theme of "sold out" and delve into the world of GPUs, hot sauce, and beer. The hosts cover CUDA-enabled GPUs and parallel programming patterns, then explore the parallels between the scarcity of GPUs and Sriracha hot sauce; the historical context of GPU shortages; and how beer and college students can model supply chain dynamics.

Anthony Alford Roland Meertens
on Feb 14, 2024

Icon

49:11

About this Podcast

Discussions on intentional corporate culture and software management approaches.

Culture & Methods

Investing in Open Source: The Open Source Pledge and Why it Matters

In this podcast, Shane Hastie, Lead Editor for Culture & Methods, spoke to Chad Whitacre about the Open Source Pledge, an initiative to encourage companies to financially support open-source maintainers to ensure the sustainability and security of the software they depend on. The goal is to address the social contract within open source, where companies benefit from freely available software.

Chad Whitacre
on Mar 07, 2025

Icon

16:00
Culture & Methods

Vulnerabilities and Risks in the Software Supply Chain

Shane Hastie spoke to Brian Fox of Sonatype about vulnerabilities and risks inherent in the modern software supply chain and how to overcome them.

Brian Fox
on Apr 22, 2022

Icon

27:21
Sponsored Content by

Icon

Newer Podcasts

Older Podcasts

Unlock the full InfoQ experience

Don't have an InfoQ account?

Topics

From VR to Flat Screens: Bridging the Input and Immersion Gap

Context is the Key to the Agentic Architecture Revolution: a Conversation with Baruch Sadogursky

Building Evals for AI Adoption: From Principles to Practice

From Founding Engineer to CTO to CEO – At the Same Startup

Realtime and Batch Processing of GPU Workloads

Helpful links

Choose your language

Podcasts

About this Podcast

How SBOMs and Engineering Discipline Can Help You Avoid Trivy’s Compromise

Andres Almiray on How to Release Any Software to Any OS with JReleaser

The Hidden Vulnerability of the Open Source Software Supply Chain: the Underlying Infrastructure

Implement the EU Cyber Resilience Act's Requirements to Strengthen Your Software Project

Generally AI Episode 4: Sold out!

About this Podcast

Investing in Open Source: The Open Source Pledge and Why it Matters

Vulnerabilities and Risks in the Software Supply Chain

Pip 26.1 Ships Dependency Cooldowns and Experimental Lockfile Support to Combat Supply Chain Attacks

Cloudflare and Stripe Let AI Agents Create Accounts, Buy Domains, and Deploy to Production

Google Introduces Cloud Fraud Defense as Successor to reCAPTCHA

How LinkedIn Identified a Kernel Lock Contention Issue Causing Recurring System Freezes

Uber Improves Restaurant Recommendations Using Real-Time Signals and Listwise Ranking

Designing a Multi-Agent System for Engineering Support at Scale: a Case Study from Grab

From Founding Engineer to CTO to CEO – At the Same Startup

Accountability is the Goal for AI, with EU Regulations Supporting Transparency

From Legacy to Sovereignty: Driving the Future of Insurance through Platform Engineering

How Meta Rebuilt Data Ingestion for Petabyte-Scale Reliability

Building Evals for AI Adoption: From Principles to Practice

Designing AI Platforms for Reliability: Tools for Certainty, Agents for Discovery

Arm Open-Sources Metis, an AI Security Framework Outperforming Traditional SAST Tools

AI-Assisted Migration Tool Helps Teams Move from ingress-nginx to Higress in Minutes

GitHub Slashes Agent Workflow Token Spend up to 62% with Daily Audits and MCP Pruning

Online InfoQ Architect Certification

Online InfoQ Organizational Architect Certification

Online InfoQ AI Engineering Certification

QCon San Francisco

QCon London 2027

InfoQ Software Architects' Newsletter

Podcasts

About this Podcast

About this Podcast