

WTF is a passkey with William Brown

Published 26 Jan 2026

Duration: 01:02:55

Passkey technology, a passwordless authentication method, offers improved security but faces challenges, including inconsistent definitions and usability issues, as well as concerns over e-waste and user understanding.

Episode Description

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it's not su...

Overview

The podcast explores the development and current status of passkey technology, which is based on earlier standards like U2F and WebAuthn. Passkeys offer a passwordless authentication method by using hardware-based security components, such as YubiKeys, iPhones, or TPMs, and rely on public key cryptography to enable secure logins. However, the discussion highlights several challenges, including inconsistent definitions of passkeys across different platforms and organizations, as well as usability issues like device-bound residency, limited key management options, and reliance on usernames.

Technical difficulties such as cross-device synchronization, high latency, and occasional failures in key enrollment or retention, particularly on Android and iOS, are also mentioned. Although passkeys are viewed as more secure than traditional passwords, their usability remains a challenge for non-technical users. Additionally, concerns about electronic waste due to device limitations and the need for clear communication to help users understand how passkeys work, without transmitting sensitive information like biometrics over the internet, are raised as important considerations for broader adoption.

Recent Episodes of Open Source Security

30 Mar 2026 Open Source Security at scale with Michael Wisner

The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.

23 Mar 2026 2026 State of the Software Supply Chain with Brian Fox

The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.

16 Mar 2026 MCP and Agent security with Luke Hinds

The text explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.

2 Mar 2026 Rust coreutils with Sylvestre Ledru

A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
