Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project. Gemara, an acronym for GRC Engineering Model for Automated Risk Assessment, is a seven-layer logical model that aims to solve the problem of incompatibility in the GRC (Governance, Risk, and Compliance) stack. By outlining a separation of concerns, the project seeks to enable engineers to build secure and compliant systems without needing to be compliance experts. The speakers explain how Gemara grew organically to seven layers and connects with other open source initiatives like the OpenSSF Security Baseline and Finos Common Cloud Controls. They also touch on the ecosystem of tools being built, including Queue schemas and a Go SDK, and how new people can get involved.
Chapters: 00:00 Welcome music + promo clip 00:22 Introductions 02:17 What is Gemara and what problem does it address? 03:58 Why do we need a model for GRC engineering? 05:50 The seven-layer structure of Gemara 07:40 How Gemara connects to other open source projects 10:14 Tools available to help with Gemara model adoption 11:39 How to get involved in the Gemara projects 13:59 Rapid Fire 16:03 Closing thoughts and call to action
Podden och tillhörande omslagsbild på den här sidan tillhör
OpenSSF. Innehållet i podden är skapat av OpenSSF och inte av,
eller tillsammans med, Poddtoppen.