Anubis with Xe Iaso

Published 5 Jan 2026

Duration: 33:37

Anubis is a web application firewall that uses challenging puzzles to prevent bot abuse, but it has encountered issues with unintentionally blocking users and with balancing accessibility against security.

Episode Description

Josh chats with Xe Iaso, the creator of Anubis, the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scr...

Overview

Anubis is a web application firewall designed to prevent bot abuse by presenting users with computationally expensive challenges that are easy for humans to solve but difficult for bots, either because the bots lack JavaScript execution or because of time constraints. Originally developed as a personal project to secure a Git server from automated attacks, it has since been adopted by the United Nations and is under consideration by educational institutions. The system works by sending challenges to browsers, which return results to the server, effectively blocking scrapers and bots that fail to complete them. However, a bug related to odd-numbered CPU cores on certain devices inadvertently blocked legitimate users.

Anubis evaluates trustworthiness using a "request weight" system, a concept inspired by the ancient Egyptian idea of weighing souls. The tool faces the challenge of balancing effective bot deterrence with maintaining user accessibility. Its development has also prompted discussions around open source sustainability, potential monetization models, and the broader impact of automation on online abuse.

Recent Episodes of Open Source Security

11 May 2026 Open source is critical infrastructure with Kat Cosgrove

Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.

4 May 2026 How to actually test a disaster plan with David Bernstein

A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.

27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz

Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.

20 Apr 2026 Building a plan for disaster with David Bernstein

Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.

13 Apr 2026 Open Source Malware with Paul McCarty

Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.