More Open Source Security episodes
Published 23 Feb 2026
Duration: 29:53
The development and application of AI tools, such as Goose AI, in software development is explored, highlighting challenges and opportunities in using AI-generated code and the evolving role of developers.
Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but...
The podcast discusses the advancement and application of agentic AI tools, particularly focusing on Goose AI, an AI coding assistant developed by Block (formerly Square). This tool enables users to build code and manage tasks through both command-line and graphical user interface methods, reflecting a shift in software development where users can convey their needs in natural language rather than writing code manually. However, achieving reliable results requires precise instructions and iterative refinement, as AI-generated code can have quality issues, especially in open-source projects, highlighting the need for improved code review practices.
The conversation also addresses broader efforts to standardize AI agent interactions, including initiatives like the Agentic AI Foundation, which is working on protocols such as MCP and ACP. Goose AI is presented as an example of these protocols in action. The discussion emphasizes the importance of human oversight in AI-assisted coding and considers the evolving role of developers as AI tools become more integrated into the development process. Looking ahead, the podcast anticipates more intuitive and efficient interfaces for AI-driven software development.
11 May 2026 Open source is critical infrastructure with Kat Cosgrove
Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.
4 May 2026 How to actually test a disaster plan with David Bernstein
A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.
27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz
Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.
20 Apr 2026 Building a plan for disaster with David Bernstein
Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.
13 Apr 2026 Open Source Malware with Paul McCarty
Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.