Podcast Episodes
Back to Search
Open source microprocessors with Jan Pleskac
In this episode Jan Pleskac, CEO and co-founder of Tropic Square, shares insights on the challenges and innovations in creating open and auditable ha…
11 months, 3 weeks ago
Package URLs with Philippe Ombredanne
I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying ope…
1 year ago
Hobbyist Maintainers with Thomas DePierre
Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," explor…
1 year ago
STIG automation with Aaron Lippold
I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We ex…
1 year, 1 month ago
Ecosyste.ms with Andrew Nesbitt
I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, …
1 year, 1 month ago
Curl vs AI with Daniel Stenberg
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's ne…
1 year, 1 month ago
Repository signing with Kairo De Araujo
I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), w…
1 year, 1 month ago
Securing GitHub Actions with William Woodruff
William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Ac…
1 year, 2 months ago
Embedded Security with Paul Asadoorian
Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Securi…
1 year, 2 months ago
tj-actions with Endor Lab's Dimitri Stiliadis
Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed …
1 year, 2 months ago