Open Source Security is a podcast to educate both developers and users on how open source security works.
Episodes
30 Mar 2026
The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.
Open episode
23 Mar 2026
The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.
Open episode
16 Mar 2026
The text explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.
Open episode
9 Mar 2026
OpenSSL 3.0 is criticized for increased complexity, performance issues, and insufficient progress in testing and memory safety, sparking debate over its adoption and the need for alternative cryptographic libraries.
Open episode
2 Mar 2026
A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
Open episode
23 Feb 2026
The development and application of AI tools, such as Goose AI, in software development is explored, highlighting challenges and opportunities in using AI-generated code and the evolving role of developers.
Open episode
16 Feb 2026
Vulnerability management is hindered by the shortcomings of the CVE program, but the proposed Global Vulnerability Intelligence Platform aims to improve global collaboration, standardization, and transparency.
Open episode
9 Feb 2026
The Nextcloud podcast explores its evolution as an open-source collaboration platform that promotes digital sovereignty, offering users self-hosted data and software, avoiding vendor lock-in and empowering data portability and transparency.
Open episode
2 Feb 2026
Emergency management and business continuity planning are critical for organizations to proactively identify and prepare for potential disruptions.
Open episode
26 Jan 2026
Passkey technology, a passwordless authentication method, offers improved security but faces challenges, including inconsistent definitions and usability issues, as well as concerns over e-waste and user understanding.
Open episode