Podcast Episodes

Distributed CI and Git with Lars Wirzenius




Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboratio…


Published on 5 months, 1 week ago

FIDO authentication with William Brown




William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about everything from WebAuthn implementation challenges to flaws in the FIDO metadata service that affect…


Published on 5 months, 2 weeks ago

CRA with Luis Villa




In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the compl…


Published on 5 months, 3 weeks ago

Open Source Malware with Brian Fox




Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware p…


Published on 5 months, 4 weeks ago

Open Source Foundations with Kelley Misata of Suricata




In this episode, Open Source Security talks to Dr. Kelley Misata about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. T…


Published on 6 months ago

Forking Open Source Projects with Sheogorath




In this episode, Open Source Security chats with Sheogorath about the HedgeDoc project's journey from HackMD to CodiMD and finally to HedgeDoc. We learn what forking a project looks like, including licens…


Published on 6 months, 2 weeks ago

Patching EOL Open Source with Aaron Frost




In this episode, Open Source Security chats with Aaron Frost, CEO of HeroDevs, about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and…


Published on 6 months, 3 weeks ago

Why do we keep ignoring CI security with François Proulx




François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply ch…


Published on 6 months, 4 weeks ago

Modern day authentication with Marc Boorshtein




In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk abou…


Published on 7 months ago

Government Security Requirements with Dick Brooks




Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements. We discuss frameworks like CISA's Software Acquisition Guide, Secure Software Development F…


Published on 7 months, 1 week ago




