Episode 264 – DevSecOps with GitLab’s Mark Loveless

Josh and Kurt talk to Mark Loveless from GitLab. We touch on DevSecOps, what GitLab is doing, threat modeling, and the time Mark tested positive for TNT at the airport. It’s a great conversation. Show Notes Mark Loveless Twitter GitLab GitLab Handbook How we approach open source security PASTA threat modeling GitLab security features TalesContinue reading “Episode 264 – DevSecOps with GitLab’s Mark Loveless”

Episode 211 – The only thing harder than signing files is managing users

Josh and Kurt talk about the Microsoft 2 year old signature bug and GitLab no longer processing MFA resets for free users. Signing things is hard, but trying to manage users and infrastructure at scale is even harder. Show Notes Microsoft signed jar bug GitLab Support is no longer processing MFA resets for free users Someone Is HijackingContinue reading “Episode 211 – The only thing harder than signing files is managing users”