Open Source Security


Open Source Security is a podcast to educate both developers and users on how open source security works.

Episodes

Showing 1-10 of 19

Open source is critical infrastructure with Kat Cosgrove

11 May 2026

Neglected open source projects become security risks, so maintaining them has to be treated as critical infrastructure work. The episode makes the case for sustainable funding, corporate collaboration that goes beyond writing cheques, and systemic reforms that address coordination problems, dependency fragility, and vulnerabilities.

How to actually test a disaster plan with David Bernstein

4 May 2026

A three-part disaster recovery framework built on simplicity, clear roles, and collaboration. The plan is tested through structured exercises following HSEEP (the Homeland Security Exercise and Evaluation Program), validated against real-world events, and improved continuously, with attention to common pitfalls and to balancing realism against the psychological safety of the people being exercised.

Open Source Pledge with Vlad-Stefan Harbuz

27 Apr 2026

Open source sustainability suffers from undervalued maintainers, poor dependency tracking, fragmented tooling, burnout, governance flaws, and the paradox of sustaining the tools themselves. Keeping projects viable long term requires financial support, sustainable governance, and collective action.

Building a plan for disaster with David Bernstein

20 Apr 2026

Emergency management and disaster recovery have to adapt as risks evolve. The episode covers structured frameworks such as ISO 22301 and the NIST guidance, cyclical preparedness, stress testing, stakeholder alignment, and building resilience through collaboration and continuous learning across both digital and physical risks.

Open Source Malware with Paul McCarty

13 Apr 2026

Open Source Malware (OSM) fills a gap in detecting intentionally malicious open source components: it catalogs threats, de-obfuscates code, extracts indicators of compromise, and provides post-incident data. The discussion covers the persistence of malicious packages in registries, the limits of traditional tools against interpreted languages, fragmented collaboration, AI-related risks, and the need for better CI/CD security, audit tooling, and a balance between AI and human oversight.

Package management challenges with Andrew Nesbitt

6 Apr 2026

Package management across ecosystems is fragmented in naming, versioning, and dependency resolution, with interoperability gaps between system-level and language-specific tools, inconsistent results from SBOM scanners, and cross-ecosystem complexity. The episode argues for collaboration on shared specifications and protocols, despite the cultural and practical barriers to standardization.

Open Source Security at scale with Michael Wisner

30 Mar 2026

The Alpha-Omega project approaches open source security by targeting leverage points such as the Node.js and Python ecosystems. It advocates systemic solutions, dedicated security roles, sustainable funding, and improvements to registry infrastructure to counter fragmented practices and downstream risk.

2026 State of the Software Supply Chain with Brian Fox

23 Mar 2026

The State of the Software Supply Chain report pairs explosive open source growth (10 trillion annual downloads) with critical challenges: malware proliferation (1.2 million malicious packages), unresolved vulnerabilities (65% unaddressed), and strain on registry infrastructure. AI plays a dual role, as a source of risk (hallucinated dependencies) and as an opportunity (MCP-based systems). The report calls for better tools, policies, and cost management under growing regulatory and scalability pressure.

MCP and Agent security with Luke Hinds

16 Mar 2026

This episode explores AI agent security risks such as prompt injection and vulnerabilities in open source agent tooling. It focuses on the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and a Rust implementation for efficiency, alongside layered defenses, restricted command sets, and collaborative efforts to keep pace with evolving threats such as social engineering and insecure coding practices.
