More Open Source Security episodes

Anubis with Xe Iaso

Published 5 Jan 2026

Duration: 33:37

Anubis is a web application firewall that uses challenging puzzles to prevent bot abuse, but it has run into problems with unintentionally blocking legitimate users and with balancing accessibility against security.

Episode Description

Josh chats with Xe Iaso, the creator of Anubis the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scr...

Overview

Anubis is a web application firewall designed to prevent bot abuse by presenting users with computationally expensive challenges that are easy for humans to solve but difficult for bots due to their lack of JavaScript execution or time constraints. Originally developed as a personal project to secure a Git server from automated attacks, it has since been adopted by the United Nations and is under consideration by educational institutions. The system works by sending challenges to browsers, which return results to the server, effectively blocking scrapers and bots that fail to complete them. However, a bug related to odd-numbered CPU cores on certain devices inadvertently blocked legitimate users.

Anubis evaluates trustworthiness using a "request weight" system, a concept inspired by the ancient Egyptian idea of weighing souls. The tool faces the challenge of balancing effective bot deterrence with maintaining user accessibility. Its development has also prompted discussions around open source sustainability, potential monetization models, and the broader impact of automation on online abuse.

Recent Episodes of Open Source Security

30 Mar 2026 Open Source Security at scale with Michael Wisner

The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.

23 Mar 2026 2026 State of the Software Supply Chain with Brian Fox

The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.

16 Mar 2026 MCP and Agent security with Luke Hinds

This episode explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.

2 Mar 2026 Rust coreutils with Sylvestre Ledru

A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
