More Open Source Security episodes


The Global Vulnerability Intelligence Platform with Olle Johansson

Published 16 Feb 2026

Duration: 34:24

Vulnerability management is hindered by the shortcomings of the CVE program, but the proposed Global Vulnerability Intelligence Platform aims to improve global collaboration, standardization, and transparency.

Episode Description

Josh chats with Olle Johansson about the Global Vulnerability Intelligence Platform (GVIP). It's no secret the current vulnerability systems are reach...

Overview

The podcast examines the growing challenges in vulnerability management, particularly highlighting the shortcomings of the CVE (Common Vulnerabilities and Exposures) program. Issues such as its U.S. government-centric structure, lack of standardization, and limited funding are noted as obstacles to effectively managing the rising number of software vulnerabilities. As open source software becomes more widespread and complex, the current vulnerability reporting system is perceived as inadequate and fragmented, leaving gaps in coverage and response.

To address these issues, the Global Vulnerability Intelligence Platform (GVIP) is introduced as a community-driven initiative aiming to improve global collaboration, standardization, and transparency in vulnerability intelligence. The project seeks to broaden funding sources, engage a wider range of stakeholders, and develop more accessible and usable data formats. The discussion emphasizes the need for better governance, stakeholder engagement, and regulatory influence to shift industry priorities toward security. While challenges such as data sharing and sustainability remain, efforts are being made to build a more inclusive and comprehensive vulnerability management system through collaborative events and open initiatives.

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals such as artifact validation and build attestation. These are discussed alongside challenges such as maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

The Eclipse Foundation's OpenVSX, a VS Code extension repository, has surged to 600M monthly downloads and moved to a commercial model with enterprise SLAs and security teams, while addressing scalability, the balance with open source, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges discussed include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risk from under-resourced organizations that prioritize surface-level controls. The episode also covers calls for regulatory reform, proactive threat modeling, secure development practices, and the unique legal and sovereignty concerns of tribal nations.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues and outdated legal frameworks, as well as the role of initiatives like Disclosed.io in standardizing policies. The episode also covers AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.
