WTF is a passkey with William Brown

Published 26 Jan 2026

Duration: 01:02:55

Passkey technology, a passwordless authentication method, offers improved security but faces challenges, including inconsistent definitions and usability issues, as well as concerns over e-waste and user understanding.

Episode Description

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it's not su...

Overview

The podcast explores the development and current status of passkey technology, which is based on earlier standards like U2F and WebAuthn. Passkeys offer a passwordless authentication method by using hardware-based security components, such as YubiKeys, iPhones, or TPMs, and rely on public key cryptography to enable secure logins. However, the discussion highlights several challenges, including inconsistent definitions of passkeys across different platforms and organizations, as well as usability issues like device-bound residency, limited key management options, and reliance on usernames.

Technical difficulties such as cross-device synchronization, high latency, and occasional failures in key enrollment or retention (particularly on Android and iOS) are also mentioned. Although passkeys are viewed as more secure than traditional passwords, their usability remains a challenge for non-technical users. Additionally, concerns about electronic waste due to device limitations, and the need for clear communication to help users understand how passkeys work (without transmitting sensitive information like biometrics over the internet), are raised as important considerations for broader adoption.

Recent Episodes of Open Source Security

11 May 2026 Open source is critical infrastructure with Kat Cosgrove

Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.

4 May 2026 How to actually test a disaster plan with David Bernstein

A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.

27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz

Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.

20 Apr 2026 Building a plan for disaster with David Bernstein

Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.

13 Apr 2026 Open Source Malware with Paul McCarty

Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.
