More Open Source Security episodes
Published 2 Mar 2026
Duration: 31:06
A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
Josh talks to Sylvestre Ledru about the Rust coreutils project. We've been using GNU coreutils for decades now, and the goal of Rust coreutils is to r...
The podcast explores Rust Core Utils, a modern rewrite of fundamental Unix command-line tools like ls, cp, and mv, originally developed in C. The project, revived by Sylvest Ledoux and now included by default in Ubuntu, aims to enhance system utilities using Rusts memory safety, performance, and modern language features. The goal is to create safer, more maintainable tools while preserving compatibility with existing Unix workflows and scripts. Early challenges included addressing script compatibility issues due to undocumented behaviors in GNU Core Utils, but the team achieved 95-96% compatibility through rigorous testing, including running GNUs upstream test suite and contributing improvements to the ecosystem.
The project emphasizes collaboration with GNU to resolve edge cases, such as handling calendar systems and deprecated arguments, while also highlighting Rusts appeal to new developers and its potential to modernize critical infrastructure. Current efforts focus on refining rare corner cases, improving cross-platform support, and ensuring long-term compatibility. Looking ahead, the team aims for broader adoption in Linux distributions and continued community-driven contributions to sustain the projects growth and reliability.
11 May 2026 Open source is critical infrastructure with Kat Cosgrove
Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.
4 May 2026 How to actually test a disaster plan with David Bernstein
A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.
27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz
Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.
20 Apr 2026 Building a plan for disaster with David Bernstein
Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.
13 Apr 2026 Open Source Malware with Paul McCarty
Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.