OpenSSF - Podcast Details

Shows

$What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast A Deep Dive into the Open Source Project Security (OSPS) BaselineIn this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its integration with other OpenSSF projects, real-world applications like the GUAC case study, and its value to maintainers and stakeholders. The role of documentation in security is emphasized, ensuring secure software deployment. The effectiveness of the baseline is validated through real-world applications and refined by community feedback, with future...

2025-11-0432 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security LeaderIn this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundation, as he shares his unique perspective on open source security. From his Minneapolis base, Seth discusses his journey from urllib3 maintainer to leading security initiatives across the Python ecosystem. In this episode, we explore how public documentation shapes security work, the importance of supporting maintainers both technically and emotionally, and the art of building trust in open source communities. Seth also shares insights on engaging with academic communities, the evolution of secure-by-default practices, an...

2025-10-2121 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. WheelerIn this episode of “What’s In The SOSS,” Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Foundation. They discuss the importance of secure software development, particularly in the context of AI and machine learning. David shares insights from his extensive experience in the field, emphasizing the need for both education and tools to ensure security. The conversation also touches on common misconceptions about AI, the relevance of digital badges for developers, and the structure of a new course aimed at teaching secure AI practices. David highlights the evolving nature of softwa...

2025-10-1638 min

GR-OSS OUT Podcast Building Welcoming Communities with Stacey PotterTabitha Diaminico from G Research sits down with Stacey Potter, Manager of Community at the Open Source Security Foundation (OpenSSF), to explore what makes open source communities thrive. Stacey shares her unique journey through open source—from working at a license compliance company to shepherding projects like Flux through CNCF graduation, and now building inclusive communities at OpenSSF. Discover the practical strategies for welcoming new contributors, the surprising parallels between marketing and community building, and why people are truly the heart of open source. Whether you're a seasoned maintainer looking to grow your project, a developer considering yo...

2025-10-1324 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.ioIn this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are revolutionizing the way we approach security challenges, from the shift away from traditional "scan and triage" methodologies to an emerging "fix first" approach powered by agentic systems. John shares insights on the democratization of coding through AI tools, the unique security challenges of containerized environments versus traditional VMs, and how modern developers can leverage AI as a "pair programmer" and security analyst...

2025-10-0722 min

FINOS Open Source in Finance Podcast OSFF New York Day 2 Preview — AI Tracks, Security Deep Dives, and Lightning Hot Topics | Grizz Griswold🚀 Highlights from #OSFFNewYork by FINOS – the premier open source in finance conference.Join us at the Open Source in Finance Forum (Oct 21–22, 2025): https://hubs.ly/Q03z9D9D0In this episode (podcast preview):Grizz Griswold, Head of Marketing, FINOSDay 2 is built for builders and risk leaders alike—two AI tracks, a full OpenSSF security program, a Confidential Computing Consortium security track (details incoming), and a fast-moving Hot Topics lightning series.Open Source, AI-Powered Industry (developer/engineering focus): Hands-on sessions on AI-native software development, neuro-symbolic techniques, workforce augmentation with agents, adoption...

2025-09-2414 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr ProjectIn this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads critical initiatives in safety-critical open source software, including the Zephyr RTOS project and ELISA, while being instrumental in the evolution of SPDX and Software Bill of Materials (SBOM). She breaks down the different types of SBOMs, explains how the Zephyr project became a...

2025-09-2334 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto ExpertsThe quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve systems. In this episode of "What's in the SOSS," join host Yesenia Yser as she sits down with David Hook (VP Software Engineering) and Tomas Gustavsson (Chief PKI Officer) from Keyfactor to break down post-quantum cryptography, from ELI5 explanations of quantum-safe algorithms to the critical importance of crypto agility and entropy. Learn why the financial sector and supply chain security are leading t...

2025-09-0930 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML InitiativesIn this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the groundbreaking MLOps white paper developed in partnership with Ericsson, and the crucial work of identifying and addressing new personas in AI/ML operations. Tune in to learn how OpenSSF is shaping the future of AI security and what challenges and opportunities...

2025-08-2614 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Open Source Security: OSTIF's 10-Year Journey of Collaborative AuditsIn this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers.Episode Chapters:00:00 Introduction00:22 Podcast Welcome01:04 OSTIF Founders Introduction02:31 OSTIF's Mission and Approach05:28 Relationship Management and Expertise08:01 Evolution of Security Engagement Methods12:15 Making Security Audits Less Intimidating18:00 Rapid Fire Questions20:45 Closing, Call to ActionEpisode links:

2025-08-1225 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast From Compliance to Community: Meeting CRA Requirements TogetherIn this episode of 'What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the critical importance of security in open source, particularly in light of regulations like the CRA. Hear how the Erlang community is proactively addressing security concerns by bringing in experts, fostering collaboration, and building trust. Discover why manufacturers are investing in upstream projects and how other ecosystems can learn from their approach. This conversation highlights the value of community, transparency, and the essential rol...

2025-07-2931 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Building India's Open Source Security Community: From Developer Nation to Security ChampionsJoin CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars debates, this episode offers both insights into global open source security efforts and a glimpse into the passionate community builders making it happen.

2025-07-1518 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building CommunityIn this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behind security, and her role as president of BSides Orlando.From discovering Netscape in the early days to shaping security strategy at G-Research and OpenSSF, Tabatha shares how her career evolved from necessity to purpose. She talks about the power of DevRel, the invisible work behind sustainable open source, and the magic of volunteering - pro-tip: working the registration ta...

2025-07-0129 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Bridging DevOps and Security: Tracy Reagan on the Future of Open SourceIn this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security.We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers—an...

2025-06-1720 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé HayesIn this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Mar...

2025-06-0319 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Cybersecurity Framework LaunchIn this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry.Chapters:00:00 Introduction to Open Source and LF Education02:59 Clyde's Journey into Open Source05:54 The Role of LF Education in Open Source09:00 Cybersecurity and the Global IT Cyber Skills Framework11:59 Framework...

2025-05-2020 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Scaling Security: Inside the GitHub Securing Open Source Software FundIn this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10K stipend to scale security best practices. The trio also shares the origins of the fund, surprising takeaways from the first cohort, and what’s next for this rapidly growing initiative.Chapters:00:00 – Introduction00:58 – Meet the Guests02:26 – Open Source Ori...

2025-05-1326 min

Open at Intel Demystifying Cyber Resilience and the Tools That Help In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into...

2025-05-0821 min

2025-05-0821 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey PotterIn this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work with CNCF and Platform Engineering Day, and her passion for inclusion and authenticity. Whether you're curious about how to get started in open source or want insight into how community shapes security, this episode is for you.Ch...

2025-05-0621 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Secure Software Starts with Awareness: Education & Open Source with the Council of DavesIn this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape.Whether you're a developer, manager, or just open source curious, this is your crash course i...

2025-04-2224 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSFIn this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation.00:21 Welcome & Introductions00:57 Steve’s Tech Journey03:13 Why OpenSSF?05:02 The Role of Security & Strategic Vision08:17 Rapid Fire & Final Thoughts

2025-04-1511 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at ScaleRobin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem.Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/Chapters:0:00 JavaScript's Critical Web Presence0:51 Robin Ginn Introduces OpenJS Foundation2:01 Core Challenges Facing JavaScript Ecosystem4:12 Managing Older Pr...

2025-04-0817 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Empowering Security: Yesenia Yser on Open Source, AI, and Personal BrandingIn this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth.Episode Highlights:00:18 – Introduction to Yeseni...

2025-03-2517 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast OpenSSF 2025 MVVSR OverviewCRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the exciting initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry.Chapters:03:29...

2025-03-1126 min

Cyber Briefing February 27, 2025 - Cyber Briefing👉 What's going on in the cyber world today?🚨 #CyberAlertsPolarEdge Botnet Targets Cisco ASUS QNAP and Synology Devices for Cyber AttacksSource: Jeremy Scion, Felix Aimé via SekoiaGitLab Warns of High-Risk Cross-Site Scripting Vulnerabilities Exposing User DataSource: GitLabAnubis Ransomware Group Emerges With Multiple Data Extortion ModelsSource: KelaMicrosoft Removes Popular VSCode Extensions Over Security RisksSource: Amit Assaraf via ExtensionTotal on MediumHackers Exploit Cross-Site Scripting Flaw in Krpano Framework to Inje...

2025-02-2709 min

GR-OSS OUT Podcast Security and Community with Tabatha DiDomenicoIn this podcast, Tabatha and Jay discuss security, oss communities, and the places security and community can intersect. Learn how GR-OSS works with CHAOSS and OpenSSF as part of our open source work. Read more about... CHAOSS https://chaoss.community/ OpenSSF https://openssf.org/ Want to use open source software to build the next big thing? Check out job vacancies at G-Research! https://www.gresearch.com/vacancies/Special Guest: Tabatha DiDomenico.

2025-02-1233 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply ChainCRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security. 01:56 - Michael explains how he got into open source04:10 - The challenges of being a startup within the open source ecosystem05:38 - Michael digs into his participation with SLSA and GUAC09:13 - How maintainers can address SBOMs with GUAC10:56 - Michael’s predictions for supply chain security and dependency management14:26 - M...

2025-01-0721 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source ProjectsIn this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code.01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest06:51 - Sovereign Tech Agency success st...

2024-12-1716 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source SecurityIn this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shares his origin story into open source 02:09 - How Alpha-Omega came to be03:48 Alpha-Omega’s mission is catalyzing sustainable security improvements05:16 - The four types of investments Alpha-Omega makes to catalyze change11:33 - Michael expands on his “clean the beach” approach to impacting open source security16:41 - The 3F framework helps manage...

2024-12-1027 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository SecurityCRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”00:48 - Jack and Zach share their backgrounds02:59 - What package repositories are and why they’re important to open source users04:17 - The positive impact package security has on downstream users07:06 - Jack a...

2024-11-2623 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Red Hat's Rodrigo Freire and the Impact of High-Profile Security IncidentsIn this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 - Rodrigo shares his entry into open source02:42 - Diving into the specifics of a high-profile incident06:22 - How security researchers coordinate a response to a high-profile incident10:33 - The benefits of a vulnerability disclosure program11:57 - Rodgiro answers CRob's rapid-fire questions13:43 - Advice for anyone getting into the industry14:26 - Rodrigo's call t...

2024-11-1216 min

Compilado do Código Fonte TV Novidades do CSS; TikTok investigado no Brasil; IA encontra bug no SQLite; Verificação de segurança com OpenSSF; Rifa do Bing; Bloco de Notas com IA [Compilado #172]Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 02/11 a 08/11. 📌 Black Friday com até 40% de descontoDepois de experimentar Insider, é impossível voltar atrás. #insiderstore Desbloqueie seu desconto com o cupom CODIGO15https://codft.me/insider092024 ☕ Que tal um café com desconto?Veroo Café: https://codft.me/veroocafeCupom: CODIGOFONTE - Plano anual com brinde especial! 📌 Sorteio Semanal Compilado:Os ganhadores do Sorteio Semanal do Compilado foram o @‌onecio, e ele levou uma camiseta do Compilado! Você pode ser...

2024-11-1054 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer”In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her start in security05:41 Interesting things Stephanie has discovered since becoming more directly involved with open source08:20 The challenge of instilling trust into those who consume open source12:42 Stephanie answers CRob’s rapid-fire questions14:07 Stephanie’s advice to those getting into cybersecurity15:43 Stephanie’s call to action for lis...

2024-10-2916 min

Open at Intel Bridging the Gap: Open Source Security and Web Development In this episode, Dan Applequist of Samsung explores the intersection of open source security and web development. Drawing from his extensive experience with the World Wide Web Consortium (W3C) and initiatives like Open Source Security Foundation (OpenSSF) and C2PA, Dan discusses the challenges and opportunities of uniting the open source security community with web developers. Emphasis is placed on the critical importance of mobile security, considering the sensitive information on mobile devices and industry best practices such as OWASP guidelines. The conversation also highlights the importance of security education, referencing resources like OpenSSF Security 101 and OWASP's global meetups...

2024-10-1725 min

2024-10-1725 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Intel’s Katherine Druckman and the Impact of Developer RelationsIn this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcaster. She’s currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality 2.0 podcasts. She spent over a decade at Linux Journal. A passionate Drupalist since she first downloaded a tarball in 2005, she has also been a Drupal contributor and engineer. A...

2024-10-1514 min

Open at Intel From Fear to Confidence: Navigating Open Source SecurityIn this episode, we welcomed back Christopher Robinson, aka CRob, to discuss his extensive work in the Open Source Security Foundation (OpenSSF). We chatted about the importance of open source software security, detailing the various initiatives aimed at improving security standards. CRob shares insights into the working groups and projects within OpenSSF, focusing on their efforts to educate developers and security researchers. We also touched on the upcoming SOSS Fusion event, and its role in fostering community engagement and collaboration in open source security. We encourage listeners to join these endeavors and contribute to solving significant security challenges.

2024-10-0225 min

2024-10-0225 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise LevelIn this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S...

2024-10-0116 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Bidding Adieu to Omkhar ArasaratnamIn this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the tactics he used to engage different stakeholders. Omkhar shares his open source origin story02:14 - Things Omkhar is proud of during his tenure at the OpenSSF04:36 - The challenge of keeping myriad stakeholders engaged07:12 - Areas of...

2024-09-1720 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open SourceOmkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and developers dedicated to enhancing the security of AI implementations. Additionally, Jay — along with Mihai — are leads on the OpenSSF AI/ML Security Working Group. In this conversation, they dig into CoSAI’s goals and the potential partnership with the OpenSSF.00:57 - Guest introductions01:56 - Dave and Ja...

2024-09-1022 min

SecurityWeek Podcast Series - Cybersecurity Insights Fireside Chat: Bennett Pursell on the OpenSSF Siren Threat Intel ProjectIn this session SecurityWeek speaks to Bennett Pursell, Ecosystem Strategist at the Open Source Security Foundation (OpenSSF) about OpenSSF Siren, a community data-sharing initiative aimed at bolstering the defenses of open source projects worldwide. In this fireside chat, Pursell discusses the origins and goals of OpenSSF Siren, exploring transparent access to data that can help small- and medium-sized businesses during active incidents. Pursell also shares insights on the value of threat intelligence, the shelf life of IOC (indicators of compromise) and how businesses with limited resources can mitigate exposure to risk.(Recorded at SecurityWeek's 2024 Threat Detection & Incident...

2024-09-0630 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…”In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Depar...

2024-09-0322 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast CISA's Aeva Black and the Public Sector View of Open Source SecurityIn this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy within the Microsoft Azure Office of the CTO, and served on the OpenSSF Technical Advisory Committee, the OpenStack Technical Committee, and the Kubernetes Code of Conduct Committee. In her spare time, Aeva enjoys riding motorcycles up and down the west coast.01:37...

2024-08-2712 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Google’s Andrew Pollock and Addressing Open Source VulnerabilitiesEpisode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.00:52 - Andrew shares his background as a “mid-90s data nerd”02:31 - Managing vulnerabilities in the open sour...

2024-08-1312 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy IndustryBec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency and developing tools to improve digital participation.02:57 Bec shares her day-to-day activities with the Rust Foundation04:53 Bec on her sometimes tricky responsibilities during her time at the U.N.06:35 How Bec communicates the...

2024-07-3018 min

Open at Intel The Burden of Security in Software MaintenanceIn this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems. 00:00 Introduction and Guest Background 01:20 Maintainer Burnout and Security Challenges 04:41 Balancing Multiple Projects and...

2024-07-2426 min

2024-07-2426 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known VulnerabilitiesBrian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial role in creating popular plugins like the maven-dependency-plugin and maven-enforcer-plugin. His leadership includes overseeing Maven Central, the world's largest repository of open-source Java components, which recently surpassed a trillion downloads annually.As a Governing Board member for the Open Source Security Foundation, Brian actively c...

2024-07-1622 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Arun Gupta and Giving Back to Security CommunitiesArun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute, and collaborate effectively.On July 9th and 10th, the OpenSSF will attend the 2024 OSPOs for Good symposium hosted by the UN. What’s in the SOSS? co-host Omkhar Arasaratnam and Arun will lead a session called “Engaging the Open Source Community.”Foll...

2024-07-0222 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Stacklok's Adolfo García Veytia Digs Into SBOMs and VEXThe world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process. Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of severa...

2024-06-1818 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the financial, medical, legal, and manufacturing verticals. He also spent six years helping lead the Red Hat Product Security team as their Program Architect.00:57 - CRob’s day-to-day activities and his affiliation with the OpenSS...

2024-06-1120 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source SecurityMatt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain. 00:40 - Matt’s duties at OpenAI01:52 - Matt’s accidental journey into cybersecurity05:18 - The intersection of AI and open source06:45 - Matt’s thoughts on how AI can help security professionals08:53 - Details on the AI Cyber Challenge (AIxCC)10:53 - Matt answers Omkhar’...

2024-06-0414 min

ITSPmagazine Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean MartinGuests: Omkhar Arasaratnam, General Manager, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/omkhar/Adrianne Marcum, Technical Project Manager, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/adriannefranscinimarcumArun Gupta, VP/GM Open Ecosystem at Intel, Governing Board Chair, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/arunpgupta/On Twitter | https://twitter.com/arunguptaChristopher Robinson, Chairperson of the Technical Advisory Council, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/darthcrob/____________________________Host: Sean M...

2024-05-2342 min

Redefining CyberSecurity Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean MartinGuests: Omkhar Arasaratnam, General Manager, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/omkhar/Adrianne Marcum, Technical Project Manager, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/adriannefranscinimarcumArun Gupta, VP/GM Open Ecosystem at Intel, Governing Board Chair, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/arunpgupta/On Twitter | https://twitter.com/arunguptaChristopher Robinson, Chairperson of the Technical Advisory Council, OpenSSF [@openssf]On LinkedIn | https://www.linkedin.com/in/darthcrob/____________________________Host: Sean M...

2024-05-2342 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Eric Brewer and the Future of Open Source SecurityIn this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s. 01:15 - Eric discusses his background03:14 - Improving security in a corporate vs. open source environment05:58 - Advancements Eric has noticed in open source in recent years07:17 - How to make software repositories more secure08:58 - The next big...

2024-05-2116 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software SecurityIn this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books.00:36 - Mark on his role at Azure01:30 - Where AI is headed and its impact on enterprises04:06 - The task of teaching a mach...

2024-05-0717 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Christoph Kern and the Challenge of Keeping Google SecureIn this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security.00:42 - Christoph offers a rundown of his duties at Google01:38 - Google’s general approach to security03:02 - What Christoph describes as “stubborn vulnerabilities” and how to stop them06:42 - An overview of Google’s security ecosystem10:00 - Why memory safety is so important12:23 - Solving memory safety problems via languages16:23 - Omkhar’s rapid-fire questions18:28 - Why Christoph...

2024-04-2320 min

Nerding Out With Viktor Mastering OpenSSF Scorecards & SBOMs with Chris SwanJoin Viktor Petersson on this episode of Nerding Out with Viktor as he dives into the world of open source security with guest Chris Swan, a seasoned engineer at Atsign. Together, they explore the critical role of SBOMs (Software Bill of Materials) and OpenSSF Scorecards in securing software and promoting transparency. Chris shares his expertise on how Atsign harnesses these tools to safeguard their networking platform and build trust with users. The conversation shines a light on the importance of OpenSSF within the Linux Foundation, highlighting Atsign's adoption of scorecards as a testament to their commitment to security...

2024-04-221h 00

Nerding Out With Viktor (audio only)Mastering OpenSSF Scorecards & SBOMs with Chris SwanJoin Viktor Petersson on this episode of Nerding Out with Viktor as he dives into the world of open source security with guest Chris Swan, a seasoned engineer at Atsign. Together, they explore the critical role of SBOMs (Software Bill of Materials) and OpenSSF Scorecards in securing software and promoting transparency. Chris shares his expertise on how Atsign harnesses these tools to safeguard their networking platform and build trust with users. The conversation shines a light on the importance of OpenSSF within the Linux Foundation, highlighting Atsign's adoption of scorecards as a testament to their commitment to security...

2024-04-221h 00 $SANS Internet Storm Center\'s Daily Network Security News Podcast$

SANS Internet Storm Center's Daily Network Security News Podcast Network Security News Summary for Thursday April 18th, 2024AgentTesla via PDF; GlobalProtect Updates; Open Source Takeovers; OpenMetaData Attacks Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848 Updated Palo Alto Networks GlobalProtect Guidance https://security.paloaltonetworks.com/CVE-2024-3400 Coordinated Social Engineering Takeovers of Open Source Projects; https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/ OpenMetaData Attacks https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/ keywords: openmetadata; social engineering; open source; openssf; openjs; pan; globalprotect; pdf; agenttesla

2024-04-1805 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast Vincent Danen and the Art of Vulnerability ManagementOmkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.Links: Vincent Danen’s LinkedIn pageRed Hat Product Security Vulnerability ManagementOpenSSF Security Toolbelt

2024-04-1118 min $What\'s in the SOSS? An OpenSSF Podcast$

What's in the SOSS? An OpenSSF Podcast What's in the SOSS? PreviewOmkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, Omkhar has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. In this short preview, Omkhar offers a sneak peek into the coming What's in the SOSS? p...

2024-03-2600 min

Security Weekly Podcast Network (Video)GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more! Show Notes: https://securityweekly.com/asw-278

2024-03-2632 min

Application Security Weekly (Video)GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more! Show Notes: https://securityweekly.com/asw-278

2024-03-2532 min $Paul\'s Security Weekly (Audio)$

Paul's Security Weekly (Audio)Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock...

2024-03-142h 48

Security Weekly Podcast Network (Audio)Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock...

2024-03-142h 48 $Paul\'s Security Weekly (Video)$

Paul's Security Weekly (Video)Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf Show Notes: https://securityweekly.com/psw-820

2024-03-1452 min

Security Weekly Podcast Network (Video)Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf Show Notes: https://securityweekly.com/psw-820

2024-03-1452 min $SANS Internet Storm Center\'s Daily Network Security News Podcast$

SANS Internet Storm Center's Daily Network Security News Podcast Network Security News Summary for Tuesday February 13th, 2024Mirai vs BYTEVALUE; Targeted Cloud Attack; Repo Security; Postgresql Vuln; Comma vs MSFT Defender Exploit Against Unnamed BYTEVALUE Router Vulnerablity Included in Mirai https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642 Senior Executives Targeted in Ongoing Azure Account Takeover https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover CISA Parners With OpenSSF To Secure Software Repositories https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package PostgreSQL Vulnerability https://www.postgresql.org/support/security/CVE-2024-0985/ Microsoft Defender Bypass via Comma https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt keywords...

2024-02-1305 min

AppSec Now Episode 13: August, 2023 - OpenSSF / Hacker Summer CampJoin Aubrey King, from DevCentral, as he talks with a record number of guests - 8 - for August, 2023 This Month In Security! Topics are OpenSSF and "Hacker Summer Camp" in Las Vegas (B-Sides, BlackHat, Defcon), as well as the latest news. You'll hear from David Wheeler, from the Linux Foundation, Akira Brand, from Application Security Weekly podcast and F5'ers Buu Lam, Christine Abernathy, Trishan DeLanerole, Aaron Brailsford, Malcolm Heath and Sander Vinberg! 00:00:00 Introduction 00:02:55 Aubrey & Akira chat Ops and OpenSSF 00:06:48 OpenSSF Update w/ David Wheeler 00:24:11 B-Sides LasVegas & Defcon 2023 Report 00:35:54 BlackHat 2023 Report 00:43:12 Aubrey & Akira chat SecOps Perspectives 00:46:13 The Latest CyberSecurity...

2024-01-111h 01

Open at Intel The Art of Open Source: A Conversation with Stephen AugustusStephen Augustus, the Head of Open Source at Cisco, shares his experiences and insights about contributing to and maintaining open source projects including Kubernetes and OpenSSF Scorecard. Stephen highlights the importance of building sustainable practices and the value of having product, program, and project management skills in open source projects. Discussions delve into the inner workings of the Kubernetes project, the role and functionality of the OpenSSF Scorecard, and the process of incorporating new contributors and projects. He further emphasizes the importance of transparency and intentionality in corporations' involvement in open source projects. 00:00 Introduction and Guest Background

2023-12-0630 min

2023-12-0630 min $It\'s 5:05! Daily cybersecurity and open source briefing$

It's 5:05! Daily cybersecurity and open source briefing Episode #245: npm Typo-Squat Deploys RootKits; Software Supply Chain: What Matters to an Architect; Security During Software Creation; OpenSSF Scorecards for Open Source🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.The stories we're covering today.Marcel Brown: October 6th, 1942. Chester Carlson is issued a patent on a process called electrophotography, now commonly known as photocopying. It was not until 1946 that a company had any interest in pursuing photocopying commercially.Edwin Kwan: A malicious component in the npm package registry has been found to be deploying an open-source rootkit. This incident is a reminder that developers need to take caution...

2023-10-0614 min

Application Security Weekly (Video)A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more! Show Notes: https://securityweekly.com/asw-257

2023-10-0339 min

Security Weekly Podcast Network (Video)A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more! Show Notes: https://securityweekly.com/asw-257

2023-10-0339 min

The Cyber Ranch Podcast The Open Source Security Foundation with Omkhar ArasaratnamThe OpenSSF is doing invaulable work for the cybersecurity community. And their new managing director happens to be Omkhar Arasaratnam, whose appearance on the show a while back created one of our most popular episodes ever! Omkhar is back to talk about the OpenSSF: What is the OpenSSF and how does it relate to the Linux Foundation? What is the organization's mission? What is the organization's vision? What exciting projects are taking place (and a sneak peek about some upcoming announcements at Black Hat!) What mark do you want to leave on the OpenSSF as Managing Director? Om...

2023-08-0231 min

Three Buddy Problem OpenSSF GM Omkhar Arasaratnam on open-source software securityEpisode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.Links:OpenSSF Welcomes New General ManagerOpenSSF Alpha-OmegaCSRB report on Log4jBig Tech Object to US Gov SBOM MandateOmkhar Arasaratnam on LinkedIn

2023-07-0536 min

Resilient Cyber S4E22: Omkhar Arasaratnam - OSS and OpenSSFYou are now at the Open Source Security Foundation - but you have a ton of experience (even as a former IBMer) from Google, to JPMorgan, and financial institutions through architecture, management, and engineering. Can you talk a little bit about your leadership journey? Let's dig into OpenSSF a bit more - we're only seeing an increase in software supply chain attacks - what is driving the OpenSSF and any particular threats you're concerned with at the moment? We know the OpenSSF has focused heavily on securing OSS and the ecosystem and even launched the OS...

2023-06-2341 min

Techstrong 55 Episode #79 - Techstrong 55, Thursday, June 8, 2023Hello everyone and welcome to Techstrong 55. Today is Thursday, June 8th, and I am your host William Willis. In today’s show, we will hear about the intersection of open-source software and DevOps with David Sandilands and Ben Ford from Puppet. Then, we will hear about exciting research and ongoing work within the OpenSSF with Yesenia Yser and Jonathan Leitschuh from the OpenSSF. Finally, we will hear about the launch of AWS Multi Account Support with Toni de la Fuente from Prowler Pro. Without further ado, let's get the show started. Enjoy. In thi...

2023-06-081h 03

Security Weekly Podcast Network (Audio)PSW #770 - Brian BehlendorfThis week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared res...

2023-01-272h 47 $Paul\'s Security Weekly (Audio)$

Paul's Security Weekly (Audio)PSW #770 - Brian BehlendorfThis week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Open source is the bedrock of most of the world's software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared responsibility f...

2023-01-272h 47 $Paul\'s Security Weekly (Video)$

Paul's Security Weekly (Video)How Do We Raise the Floor for Software Quality? - Brian Behlendorf - PSW #770Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared responsibility for security. Several efforts are underway in major open source communities to address these issues. At the Open Source Security Foundation (OpenSSF), major companies, open source software maintainers, startup companies and government actors are working together to improve open source software su...

2023-01-2658 min

We Speak CVE Coordinated Vulnerability DisclosureShannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities.OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The CVD Guide was released by OpenSSF’s Vulnerability Disclosure working group in September 2022, which in 2021 released its “Guide to Implementing a Coordinated Vu...

2022-12-3023 min

Application Security Weekly (Video)Text4Shell, GUAC for SLSA, OpenSSF Scorecards, Toner Deaf, OWASP Elections - ASW #217Text4Shell isn't a new patching hell, using supply chain info with GUAC, OpenSSF Scorecards and metrics, Toner Deaf firmware persistence, upcoming OWASP Board Elections, Chrome browser exploitation Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw217

2022-10-2640 min

The New Stack Podcast Inside a $150 Million Plan for Open Source Software SecurityAUSTIN, TEX. —Everyone uses open source software — and it’s become increasingly apparent that not nearly enough attention has been paid to the security of that software. In a survey released by The Linux Foundation and Synk at the foundation’s Open Source Summit in Austin, Tex., this month, 41% of organizations said they aren’t confident in the security of the open source software they use.At the Austin event, The New Stack’s Makers podcast sat down with Brian Behlendorf, general manager of Open Source Security Foundation (OpenSSF), to talk about a new plan to attack the problem f...

2022-06-2912 min

Application Security Weekly (Video)Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw197

2022-05-1840 min $SANS Internet Storm Center\'s Daily Network Security News Podcast$

SANS Internet Storm Center's Daily Network Security News Podcast Network Security News Summary for Tuesday May 3rd, 2022VSTO Office Files; Gmail SMTP Relay; OpenSSF Package Analysis; M1 Prefetcher Leak Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/ The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/ M1 Prefetcher Data Leak https://www.prefetchers.info keywords: M1; apple; prefetcher; openssf; gmail; smtp; vsto; office

2022-05-0305 min

In the Open with Luke and Joe Open source software, cybersecurity, and OpenSSF | Jamie Thomas, Chair, OpenSSFAs General Manager of Strategy and Development, IBM Systems, Jamie Thomas sets the direction for IBM Systems, Power, Z, and Storage systems. She also currently serves as Board Chair of the Open Source Security Foundation. In her leadership roles, Jamie is uniquely positioned to provide insight on what lies ahead for open source development, software, and the systems that serve as the technology backbone for companies around the world. Jamie joins hosts Luke Schantz and Joe Sepi to talk about her storied career at IBM and what lies ahead for the technology that helps most large organizations r...

2022-04-1449 min

IBM Developer Podcast Open Source Security Foundation | Interview with Brian Behlendorf, GM, OpenSSFBrian Behlendorf is the General Manager of the Open Source Security Foundation. Brian has dedicated his career to connecting and empowering the free software and open source community to both solve difficult technology problems and have a positive impact on society. From startup company founder, to advisor to the U.S. government, to non-profit board member and employee of the World Economic Forum, he's been at the forefront of the open source software revolution. Join hosts Luke Schantz and Joe Sepi as they get Brian's take on the latest open source software developments. As the recent Log4J...

2022-02-2349 min

Open Source Security The bright future of open source securityJosh and Kurt talk about NPM requiring 2FA for the top 100 packages. We discuss the new Alpha and Omega projects from the OpenSSF and what it could mean for the future of open source security. Then we end on a note about the new Samba critical vulnerability. Show Notes NPM requires 2FA OpenSSF Alpha and Omega David A. Wheeler episode Linux Foundation LFX Samba Advisory

2022-02-0731 min

Software Defined Talk Paradox of AdviceThis week we discuss Cloud Earnings, OpenSSF’s new project and Tim Bray’s take on Cloud. Plus, some thoughts on data gravity… Rundown Earnings Apple tops earnings expectations on strong iPhone sales Microsoft Azure exceeded $40 billion in annualized revenue Alphabet crushes earnings, announces 20-for-1 stock split Docker makes comeback with over $50M in ARR two years into restructuring OSS Security Open Source Security Foundation (OpenSSF) OpenSSF Announces The Alpha-Omega Project to Improve Software Supply Chain Security for 10,000 OSS Projects Citrix goes private Tim Bray’s take on Cloud Relevant to your Interests Confluent and AWS...

2022-02-041h 02

Open Source Security David A Wheeler discusses the OpenSSFJosh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job explaining how the OpenSSF works and what the 6 working groups are doing. The working group are (in no particular order): Identifying Security Threats, Security Tooling, Best Practices, Vulnerability Disclosures, Digital Identity Attestation, Securing Critical Projects. Show Notes David A Wheeler Episode 14 – David A Wheeler: CII Badges Sigstore joins the OpenSSF OpenSSF Technical Working Groups NPM requires MFA LISH Backstabber's Knife Collection: A Review of Op...

2021-11-2238 min

Open Source Security Scoring OpenSSF Security ScoringJosh and Kurt talk about the release of OpenSSF Security Scorecards version 3. This is a great project that will probably make a huge difference. Most of the things the scorecards are measuring are no brainier activities. We go through the list of metrics being measured. There are only a few that we don't think are fantastic. Show Notes 4 of spades OpenSSF Chris Montgomery audio explanation Scorecard 3.0.0 Scoring criteria Python Skeleton

2021-10-1834 min

DevOps and Docker Talk: Cloud Native Interviews and Tooling Containerd with Phil Estes🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://learn.bretfisher.com/waitlist🍾Phil Estes from AWS joins Bret to talk about containerd/state of the project, Docker Desktop alternatives and how developers are using containerd, OpenSSF, and supply chain security, and how containers will play a role. There's a lot of stu...

2021-10-151h 01

Sudo Show 35: Busting Open Source Security MythsEric and Brandon sit down and look into some of the biggest security myths around Open Source software and one by one debunk them right on the show! Destination Linux Network Sudo Show Website Sponsor: Bitwarden Sponsor: Digital Ocean Sudo Show Swag Contact Us: DLN Discourse Email Us! Sudo Matrix Room Heartbleed Sophos: Venom Virtual Machine Escape Bug Tidelift Blog: More than Half of Maintainers Have Quit or Considered Quitting, and Here’s Why Jaeger Tracing Article: Measure the Health of Open So...

2021-09-3034 min

Google Cloud Platform Podcast Secure Software Supply Chain with Nikhil Kaul and Victor SzalvayThis week on the podcast, hosts Stephanie Wong and Bukola Ayodele speak with Nikhil Kaul and Victor Szalvay about security in the software supply chain. Cloud OnAir will be offering a virtual event on supply chain software security on July 29th, and our guests start the show by telling us more about it. The recent cyber attacks on US companies have brought to light the importance of cyber security. A new set of guidelines for securing these components and software as a whole will be released soon, impacting not just software developers but the users as well...

2021-07-2133 min

IT i TO #06: Engineering Manager w jednorożcu - Marcin HoppeJednorożce rozgrzewają wyobraźnię jeżeli chodzi o swoje finansowanie – a jak wygląda ich codzienność? W tym odcinku rozmawiam z Marcinem Hoppe, engineering manager w Auth0, firmie określanej jako “unicorn”. Dowiesz się z niego nie tylko o tym, jak się ujeżdża jednorożce w codziennej pracy, ale też:• O tym jak wygląda praca w unicorn, czyli firmie wartej według wyceny ponad 1 MLD dolarów• O trzech powodach dla programisty, dlaczego nie powinien sam tworzyć rozwiązania do bezpieczeństwa• O pracy zdalnej w środowisku międzynarodowym w wielu strefach czasowych i kulturowych i jak wyglą...

2021-04-161h 04

Dave & Gunnar Show Episode 212: Security Requires Thinking (His Monkey, His Circus)This week Dave and Gunnar talk with Dr. David A. Wheeler about what’s new at the Linux Foundation, a brand-new free course on developing secure software, some survey results, and recent news concerning SolarWinds. Open Source Security Foundation (OpenSSF) of the Linux Foundation replaces the Core Infrastructure Initiative (CII) and has several working groups Secure Software Development Fundamentals Courses The Linux Foundation’s Core Infrastructure Initiative (CII) Badge Program is now part of the OpenSSF Best Practices Working Group Project statistics, now >3,500 participating projects & >500 passing badges If you develop OSS, make sure your projects are pursuing a badg...

2021-01-2649 min