
The Global Vulnerability Intelligence Platform with Olle Johansson

Published 16 Feb 2026

Duration: 34:24

Vulnerability management is hindered by the shortcomings of the CVE program, but the proposed Global Vulnerability Intelligence Platform aims to improve global collaboration, standardization, and transparency.

Episode Description

Josh chats with Olle Johansson about the Global Vulnerability Intelligence Platform (GVIP). It's no secret the current vulnerability systems are reach...

Overview

The podcast examines the growing challenges in vulnerability management, particularly highlighting the shortcomings of the CVE (Common Vulnerabilities and Exposures) program. Issues such as its U.S. government-centric structure, lack of standardization, and limited funding are noted as obstacles to effectively managing the rising number of software vulnerabilities. As open source software becomes more widespread and complex, the current vulnerability reporting system is perceived as inadequate and fragmented, leaving gaps in coverage and response.

To address these issues, the Global Vulnerability Intelligence Platform (GVIP) is introduced as a community-driven initiative aiming to improve global collaboration, standardization, and transparency in vulnerability intelligence. The project seeks to broaden funding sources, engage a wider range of stakeholders, and develop more accessible and usable data formats. The discussion emphasizes the need for better governance, stakeholder engagement, and regulatory influence to shift industry priorities toward security. While challenges such as data sharing and sustainability remain, efforts are being made to build a more inclusive and comprehensive vulnerability management system through collaborative events and open initiatives.

Recent Episodes of Open Source Security

11 May 2026 Open source is critical infrastructure with Kat Cosgrove

Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.

4 May 2026 How to actually test a disaster plan with David Bernstein

A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.

27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz

Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.

20 Apr 2026 Building a plan for disaster with David Bernstein

Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.

13 Apr 2026 Open Source Malware with Paul McCarty

Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.
