Wiz Acquisition and Shawn's Recovery
Quick recap
The team discussed the potential acquisition of Wiz by Google, with Shawn expressing optimism about the impact on employees and Neil sharing his concerns about past acquisitions. They also discussed the increasing risks of supply chain attacks, particularly in open-source projects and GitHub Actions, and the challenges of maintaining security in open-source projects. The conversation also touched on the future of open source software, its commercialization challenges, and the risks associated with using open source in commercial products.
Wiz Acquisition and Shawn's Recovery
In the meeting, Shawn shared updates about his recent surgery and recovery, as well as the acquisition of Wiz by another company. Matt Alvarez expressed surprise at the news, while D shared his initial concerns about the potential impact on Wiz employees. Neil, who was not aware of the acquisition, was informed by Shawn. The conversation ended with Shawn's intention to stay out of the acquisition discussion.
Acquisitions and Employee Impact Discussed
In the meeting, Shawn discussed his personal experiences with acquisitions and their impact on employees. He expressed optimism about the potential acquisition of Wiz, despite the usual concerns. Neil shared his concerns about acquisitions, citing past experiences where employees were negatively affected. He emphasized the importance of considering the impact on employees during acquisitions. Jay raised a question about the motivation behind the acquisition, expressing confusion about the company's existing portfolio.
Google Acquires Wiz for Security Competition
In the meeting, Shawn speculated that Google bought Wiz to compete with Microsoft's Security Office offering, which is getting good with Defender and Defender for Cloud. He also mentioned that Google wants to be known as security for everybody, not just GCP. Matt Currie suggested that the acquisition could lead to targeted advertising and sales attempts to move people from other cloud providers to Google. Neil agreed with Shawn's theory and added that it is fair for Google to feel pressure to compete with Microsoft. He also mentioned that Google has failed to capitalize well on its previous acquisitions. Paul asked if Wiz would retain its name after the acquisition, but Matt Alvarez clarified that they wouldn't be allowed to comment on anything outside of an official channel or press release. Juninho speculated that Google would keep the Wiz name due to its brand recognition and would likely do the same with Mandiant.
Wiz Acquisition and Employee Impact
In the meeting, Matt Currie congratulated the Wiz team on the potential acquisition by Google, acknowledging their hard work. James, a former Wiz employee, shared his perspective on the acquisition, noting that some of the reported figures were inaccurate. Shawn also commented on the acquisition, emphasizing that the deal was not yet finalized and that the media often reported speculative numbers. The team discussed the potential impact of the acquisition on employees, with Matt Alvarez noting that it would depend on the candidates' preferences. The conversation ended with a brief mention of a GitHub action incident, but no further details were provided.
Supply Chain Attack Risks in Open-Source
The discussion focuses on the increasing risks of supply chain attacks, particularly in open-source projects and GitHub Actions. Matt Alvarez points out that the barrier to entry for impactful supply chain attacks is lowering, with even small projects becoming potential targets. Neil adds that despite awareness since the SolarWinds incident, practical solutions like SBOMs have been implemented without clear understanding of their utility. The conversation also touches on the challenges of maintaining security in open-source projects, including the need for pinning actions, the potential for GitHub to enforce security measures, and the legal implications of such enforcement. Mischa highlights the risk of maintainers abandoning projects due to annoying contributors, while Neil discusses the challenges of relying on abandoned or poorly maintained open-source libraries.
Open Source Software Commercialization Challenges
The discussion covers the future of open source software, its commercialization challenges, and the risks associated with using open source in commercial products. Matt Alvarez notes that organizations are becoming more reliant on open source tools. Jay suggests that increased scrutiny of software supply chains might lead to better evaluation of open source or a retreat from it. Matthew and Matt Currie highlight licensing risks and potential legal issues for companies using open source. The conversation then shifts to open data in government, with Paul mentioning environmental monitoring projects. Nathaneal asks about balancing dependency updates, and Neil emphasizes the importance of automated testing in managing updates safely.