Open Source Security


Open Source Security is a podcast to educate both developers and users on how open source security works.


Episodes

Showing 1-10 of 25


Packagist and Composer security with Jordi Boggiano

22 Jun 2026

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.


Sustaining Open VSX with Mike and Thabang

15 Jun 2026

The Eclipse Foundation's Open VSX, a VS Code extension registry, surged to 600M monthly downloads and evolved to a commercial model with enterprise SLAs and dedicated security teams, while addressing scalability, the balance between open source and commercial interests, and funding challenges for AI expansion.


Hacking your CI/CD with Francois Proulx

8 Jun 2026

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.


Open source verification with Sal Kimmich

1 Jun 2026

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.


Vulnerability disclosure with Casey Ellis

25 May 2026

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.


F-Droid the open app store with Hans

18 May 2026

F-Droid, an open-source Android app store modeled on Linux distributions, emphasizes security and transparency through source-code verification, contrasting with fragmented alternatives and corporate control, while addressing Android's ecosystem challenges and efforts to preserve open-source principles.


Open source is critical infrastructure with Kat Cosgrove

11 May 2026

Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.


How to actually test a disaster plan with David Bernstein

4 May 2026

A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.


Open Source Pledge with Vlad-Stefan Harbuz

27 Apr 2026

Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.


Building a plan for disaster with David Bernstein

20 Apr 2026

Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.
