Open Source Security
Rating: 4.7 (39)

by Josh Bressers

527 episodes · Latest yesterday · EN

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it and no developer relations team posting on LinkedIn every two hours. Let's focus on those people and teams and learn what they do and how they do it. The goal is to hear from the people doing the work: they know what's up, and they have a lot to teach us. We just have to listen.

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

Recent reviews on Apple Podcasts (5)
  • josh is insufferable

    I really enjoy Kurt’s perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.

    letitsnowman

  • Great Podcast

    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!

    CornOnTheMacabre

  • Most frustrating show I continue listening to

    Like a meeting with no agenda, it can be informative and entertaining and you’re never quite sure if you should attend again, but usually you do.

    cspeckrun

  • The banter is spot on

    As of September 2023, the negative reviews may be from non-techs or squishy persons in general. I understand the humor, and in every episode that I have listened to so far (which is only half a dozen) the hosts understand and get what they are talking about. Having over 20 years both professionally and not in the information technology field, I find myself quite amused at their observations, and more often than not, not in agreement more than once an episode. If the hosts, however, ever come across this comment: if you guys would enable Apple Podcasts so that I could toss a few dollars your way, I would be more than happy to do so.

    unbleachedbit

  • Excellent

    I listen every week - it’s great to hear from others in my field.

    ktkaffee

Episodes (527)

  1. How to actually test a disaster plan with David Bernstein

    May 4, 2026 · 34m

    Josh and David finish up the disaster recovery and emergency planning trilogy. In this one David tells us how to test the plan he told us how to build in the last episode. There are some great ideas in this one about how

  2. Open Source Pledge with Vlad-Stefan Harbuz

    Apr 27, 2026 · 34m

    Josh has a discussion with Vlad-Stefan Harbuz about the Open Source Pledge as well as his recent FOSDEM talk. The Open Source Pledge is all about trying to build a sustainable universe for open source maintainers. This t

  3. Building a plan for disaster with David Bernstein

    Apr 20, 2026 · 39m

    Josh welcomes back David Bernstein to talk about creating a disaster recovery plan. It's a very timely topic given all the current events. There are more supply chain attacks and compromises than ever before. There are so

  4. Open Source Malware with Paul McCarty

    Apr 13, 2026 · 38m

    Josh talks to Paul McCarty of Open Source Malware about ... open source malware. Paul explains why there aren't many good open source malware datasets. We discuss why the existing data is lacking for many use cases. We o

  5. Package management challenges with Andrew Nesbitt

    Apr 6, 2026 · 36m

    Josh welcomes back Andrew Nesbitt to discuss some recent blog posts he wrote about the challenges of new ecosystems as well as challenges of no ecosystems like C. There aren't very many people who look at multiple ecosys

  6. Open Source Security at scale with Michael Winser

    Mar 30, 2026 · 42m

    Josh talks to Michael Winser about a talk he gave at FOSDEM as well as his work on Alpha Omega at the Linux Foundation. Michael is approaching open source security in a way that nobody has ever tried before. What if we c

  7. 2026 State of the Software Supply Chain with Brian Fox

    Mar 23, 2026 · 35m

    Josh chats with Brian Fox from Sonatype about their 2026 State of the Software Supply Chain report. Most of the numbers continue to grow at alarming rates, but there are some new, interesting findings in this one. We discuss

  8. MCP and Agent security with Luke Hinds

    Mar 16, 2026 · 35m

    Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke's new tool, nono, which is a sandboxing tool that has AI agents in mind as a use case. We explain what MCP and

  9. The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

    Mar 9, 2026 · 33m

    Josh talks to Paul Kehrer and Alex Gaynor from the Python Cryptographic Authority. Alex and Paul recently published a statement discussing the challenges posed by modern OpenSSL. We discuss the statement and their relation

  10. Rust coreutils with Sylvestre Ledru

    Mar 2, 2026 · 31m

    Josh talks to Sylvestre Ledru about the Rust coreutils project. We've been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary reason isn't security, it'

  11. Goose and the Agentic AI Foundation with Brad Axen

    Feb 23, 2026 · 29m

    Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things are today and where

  12. The Global Vulnerability Intelligence Platform with Olle E. Johansson

    Feb 16, 2026 · 34m

    Josh chats with Olle E. Johansson about the Global Vulnerability Intelligence Platform (GVIP). It's no secret the current vulnerability systems are reaching a breaking point. Olle is one of the few people with a long ter

  13. Digital Sovereignty and Nextcloud with Frank Karlitschek

    Feb 9, 2026 · 32m

    Josh talks to the founder and CEO of Nextcloud, Frank Karlitschek, about digital sovereignty. There's a lot of attention lately around digital sovereignty, and often that conversation also includes Nextcloud. Frank tells us

  14. The Art of Crisis Management with David Bernstein

    Feb 2, 2026 · 35m

    Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tells us about preparing for both digital and physical disruptions. Everything is IT n

  15. WTF is a passkey with William Brown

    Jan 26, 2026 · 1h 2m

    William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi-factor authentication, but it's not super obvious what that really means. William does a fantastic job expla

  16. All about Suricata with Victor Julien

    Jan 19, 2026 · 32m

    Josh discusses Suricata with Victor Julien, the founder and lead developer of the project. Victor explains the history of the project, its impact on cybersecurity, and the community that keeps it all running. Challenges

  17. Iocaine poisons bots with Gergely Nagy

    Jan 12, 2026 · 40m

    Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world of fake pages they cannot escape. algernon tells us how Iocaine effectively traps bots by serving them

  18. Anubis with Xe Iaso

    Jan 5, 2026 · 33m

    Josh chats with Xe Iaso, the creator of Anubis, the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scrapers is fascinating and challenging; these things are everywhere and

  19. Rustls with Dirkjan and Joe

    Dec 29, 2025 · 29m

    Josh talks to Dirkjan and Joe about Rustls (pronounced "rustles"), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many, many challenges in writing

  20. Daniel Thompson answers: Does the CRA apply to Santa?

    Dec 22, 2025 · 47m

    Josh welcomes back Daniel Thompson to explore the rather silly question of whether Santa Claus needs to be compliant with the Cyber Resilience Act (CRA). This episode was intended to be silly, but it ended up being an incre

  21. Linux Foundation Europe with Gabriele Columbro

    Dec 15, 2025 · 32m

    Josh has a chat with Gabriele Columbro, Executive Director of the Fintech Open Source Foundation and General Manager of Linux Foundation Europe. We of course discuss the Cyber Resilience Act (CRA), the evolving landscape

  22. Updating open source dependencies with Jamie Tanna

    Dec 8, 2025 · 29m

    Josh discusses updating open source dependencies with Jamie Tanna. Jamie works on Renovate which gives them a lot of insight into the challenges of keeping your open source updated. We discuss the challenges of semantic

  23. TARmageddon with Alex Zenla

    Dec 1, 2025 · 42m

    Josh discusses the TARmageddon vulnerability with Alex Zenla, CTO of Edera. In this episode, we explore the discovery of the TARmageddon vulnerability. It's especially interesting because it's Rust, but also involves mul

  24. Python Security with Seth Larson

    Nov 24, 2025 · 31m

    In this episode Seth Larson gives us a cornucopia of topics relating to Python security. Seth discusses the Python Software Foundation's decision to reject a significant grant from the NSF. Diversity is a big deal to Python, so t

  25. Linux Vendor Firmware Service with Richard Hughes

    Nov 17, 2025 · 35m

    Josh talks to Richard Hughes about the world of firmware. We cover how Richard's journey from developing the ColorHug led to the creation of the Linux Vendor Firmware Service (LVFS), changing how firmware updates are man