Podcast Episodes
Back to Search
Why do we keep ignoring CI security with François Proulx
François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represen…
1 year, 5 months ago
Modern day authentication with Marc Boorshtein
In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk abou…
1 year, 5 months ago
Government Security Requirements with Dick Brooks
Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements, we discuss frameworks like CISA's Softwar…
1 year, 5 months ago
Open Source Maintenance with Gary Kramlich
In this episode, Gary Kramlich, the lead developer of Pidgin discusses the challenges and strategies of maintaining a 26-year-old open source messagi…
1 year, 5 months ago
Safety vs Security with Thomas Depierre
In this episode of Open Source Security, Josh welcomes Thomas Depierre, a Site Reliability Engineer and open source maintainer, to discuss the inters…
1 year, 6 months ago
The Future of Open Source Security
It's a new year and time for some changes to the opensourcesecurity.io website.
It's time to retire the podcast, but that's to make way for somethi…
1 year, 6 months ago
The new NIST password guidance
Episode 461
Josh and Kurt talk about new NIST password guidance. There's some really good stuff in this new document. Ideas like usability and equity show up (wh…
1 year, 6 months ago
Santa's Supply Chain Security
Episode 460
Josh and Kurt talk about the supply chain of Santa. Does he purchase all those things? Are they counterfeit goods? Are they acquired some other way? …
1 year, 6 months ago
CWE Top 25 List
Episode 459
Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it's because of Wo…
1 year, 6 months ago
FBI endorses E2E encryption
Episode 458
Josh and Kurt talk about the FBI telling everyone to use end to end encrypted messengers. This is a pretty drastic deviation from messages in the pas…
1 year, 7 months ago