More Open Source Security episodes
Published 23 Feb 2026
Duration: 29:53
The development and application of AI tools, such as Goose AI, in software development is explored, highlighting challenges and opportunities in using AI-generated code and the evolving role of developers.
Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but...
The podcast discusses the advancement and application of agentic AI tools, particularly focusing on Goose AI, an AI coding assistant developed by Block (formerly Square). This tool enables users to build code and manage tasks through both command-line and graphical user interface methods, reflecting a shift in software development where users can convey their needs in natural language rather than writing code manually. However, achieving reliable results requires precise instructions and iterative refinement, as AI-generated code can have quality issues, especially in open-source projects, highlighting the need for improved code review practices.
The conversation also addresses broader efforts to standardize AI agent interactions, including initiatives like the Agentic AI Foundation, which is working on protocols such as MCP and ACP. Goose AI is presented as an example of these protocols in action. The discussion emphasizes the importance of human oversight in AI-assisted coding and considers the evolving role of developers as AI tools become more integrated into the development process. Looking ahead, the podcast anticipates more intuitive and efficient interfaces for AI-driven software development.
30 Mar 2026 Open Source Security at scale with Michael Wisner
The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.
23 Mar 2026 2026 State of the Software Supply Chain with Brian Fox
The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.
16 Mar 2026 MCP and Agent security with Luke Hinds
The text explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.
9 Mar 2026 The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
OpenSSL 3.0 is criticized for increased complexity, performance issues, and insufficient progress in testing and memory safety, sparking debate over its adoption and the need for alternative cryptographic libraries.
2 Mar 2026 Rust coreutils with Sylvestre Ledru
A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.