Open Source Security Podcast
1) Linux Foundation Europe with Gabriele Columbro
Josh has a chat with Gabriele Columbro, Executive Director of the Fintech Open Source Foundation and General Manager of Linux Foundation Europe. We of course discuss the Cyber Resilience Act (CRA), th...Show More
2) Updating open source dependencies with Jamie Tanna
Josh discusses updating open source dependencies with Jamie Tanna. Jamie works on Renovate which gives them a lot of insight into the challenges of keeping your open source updated. We discuss the cha...Show More
3) TARmageddon with Alex Zenla
Josh discusses the TARmageddon vulnerability with Alex Zenla, CTO of Edera. In this episode, we explore the discovery of the TARmageddon vulnerability. It's especially interesting because it's Rust, b...Show More
4) Python Security with Seth Larson
In this episode Seth Larson gives us a cornucopia of topics relating to Python security. Seth discusses the Python Software Foundation's decision to reject a significant grant NSF. Diversity is a big ...Show More
5) Linux Vendor Firmware Service with Richard Hughes
Josh talks to Richard Hughes about the world of firmware. We cover how Richard's journey from developing the ColorHug led to the creation of the Linux Vendor Firmware Service (LVFS), changing how firm...Show More
6) NPM supply chain attacks with Charlie Erickson
Josh chats with Charlie Erickson, a security researcher at Aikido Security. We discuss the recent NPM supply chain attacks that affect hundreds of packages. Charlie shares his experiences dealing with...Show More
7) Detecting XZ in Debian with Otto Kekäläinen
In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects. They discuss Otto'...Show More
8) Eclipse Foundation SBOMs with Mikael Barbero
In this conversation, Josh speaks with Mikael Barbero, head of security at the Eclipse Foundation. They discuss the foundation's role in enhancing the security posture of open source projects, the imp...Show More
9) Actually finding vulnerabilities using AI with Joshua Rogers
I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and foun...Show More
10) Sustaining Package Repositories with Brian Fox
Brian Fox discusses the challenges and future of open source package repository infrastructure. We discuss the complexities of managing public registries, the impact of overconsumption, and the import...Show More