More Open Source Security episodes
Published 2 Mar 2026
Duration: 31:06
A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
Josh talks to Sylvestre Ledru about the Rust coreutils project. We've been using GNU coreutils for decades now, and the goal of Rust coreutils is to r...
The podcast explores Rust Core Utils, a modern rewrite of fundamental Unix command-line tools like ls, cp, and mv, originally developed in C. The project, revived by Sylvest Ledoux and now included by default in Ubuntu, aims to enhance system utilities using Rusts memory safety, performance, and modern language features. The goal is to create safer, more maintainable tools while preserving compatibility with existing Unix workflows and scripts. Early challenges included addressing script compatibility issues due to undocumented behaviors in GNU Core Utils, but the team achieved 95-96% compatibility through rigorous testing, including running GNUs upstream test suite and contributing improvements to the ecosystem.
The project emphasizes collaboration with GNU to resolve edge cases, such as handling calendar systems and deprecated arguments, while also highlighting Rusts appeal to new developers and its potential to modernize critical infrastructure. Current efforts focus on refining rare corner cases, improving cross-platform support, and ensuring long-term compatibility. Looking ahead, the team aims for broader adoption in Linux distributions and continued community-driven contributions to sustain the projects growth and reliability.
30 Mar 2026 Open Source Security at scale with Michael Wisner
The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.
23 Mar 2026 2026 State of the Software Supply Chain with Brian Fox
The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.
16 Mar 2026 MCP and Agent security with Luke Hinds
The text explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.
9 Mar 2026 The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
OpenSSL 3.0 is criticized for increased complexity, performance issues, and insufficient progress in testing and memory safety, sparking debate over its adoption and the need for alternative cryptographic libraries.
23 Feb 2026 Goose and the Agentic AI Foundation with Brad Axen
The development and application of AI tools, such as Goose AI, in software development is explored, highlighting challenges and opportunities in using AI-generated code and the evolving role of developers.