Showing episodes and shows of
OpenSSF
Shows
What's in the SOSS? An OpenSSF Podcast
From Compliance to Community: Meeting CRA Requirements Together
In this episode of "What's in the SOSS?" CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha-Omega). This episode explores the critical importance of security in open source, particularly in light of regulations like the CRA. Hear how the Erlang community is proactively addressing security concerns by bringing in experts, fostering collaboration, and building trust. Discover why manufacturers are investing in upstream projects and how other ecosystems can learn from their approach. This conversation highlights the value of community, transparency, and the essential rol...
2025-07-29
31 min
What's in the SOSS? An OpenSSF Podcast
Building India's Open Source Security Community: From Developer Nation to Security Champions
Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars debates, this episode offers both insights into global open source security efforts and a glimpse into the passionate community builders making it happen.
2025-07-15
18 min
What's in the SOSS? An OpenSSF Podcast
From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community
In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behind security, and her role as president of BSides Orlando. From discovering Netscape in the early days to shaping security strategy at G-Research and OpenSSF, Tabatha shares how her career evolved from necessity to purpose. She talks about the power of DevRel, the invisible work behind sustainable open source, and the magic of volunteering - pro-tip: working the registration ta...
2025-07-01
29 min
What's in the SOSS? An OpenSSF Podcast
Bridging DevOps and Security: Tracy Ragan on the Future of Open Source
In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security. We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers—an...
2025-06-17
20 min
What's in the SOSS? An OpenSSF Podcast
Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes
In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Mar...
2025-06-03
19 min
What's in the SOSS? An OpenSSF Podcast
Cybersecurity Framework Launch
In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry.
Chapters:
00:00 Introduction to Open Source and LF Education
02:59 Clyde's Journey into Open Source
05:54 The Role of LF Education in Open Source
09:00 Cybersecurity and the Global IT Cyber Skills Framework
11:59 Framework...
2025-05-20
20 min
What's in the SOSS? An OpenSSF Podcast
Scaling Security: Inside the GitHub Securing Open Source Software Fund
In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10K stipend to scale security best practices. The trio also shares the origins of the fund, surprising takeaways from the first cohort, and what’s next for this rapidly growing initiative.
Chapters:
00:00 – Introduction
00:58 – Meet the Guests
02:26 – Open Source Ori...
2025-05-13
26 min
Open at Intel
Demystifying Cyber Resilience and the Tools That Help
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released OpenSSF Open Source Project Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into...
2025-05-08
21 min
What's in the SOSS? An OpenSSF Podcast
Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter
In this special episode of What’s in the SOSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work with CNCF and Platform Engineering Day, and her passion for inclusion and authenticity. Whether you're curious about how to get started in open source or want insight into how community shapes security, this episode is for you. Ch...
2025-05-06
21 min
What's in the SOSS? An OpenSSF Podcast
Secure Software Starts with Awareness: Education & Open Source with the Council of Daves
In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape. Whether you're a developer, manager, or just open source curious, this is your crash course i...
2025-04-22
24 min
What's in the SOSS? An OpenSSF Podcast
Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF
In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation.
00:21 Welcome & Introductions
00:57 Steve’s Tech Journey
03:13 Why OpenSSF?
05:02 The Role of Security & Strategic Vision
08:17 Rapid Fire & Final Thoughts
2025-04-15
11 min
What's in the SOSS? An OpenSSF Podcast
JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale
Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem.
Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/
Chapters:
0:00 JavaScript's Critical Web Presence
0:51 Robin Ginn Introduces OpenJS Foundation
2:01 Core Challenges Facing JavaScript Ecosystem
4:12 Managing Older Pr...
2025-04-08
17 min
What's in the SOSS? An OpenSSF Podcast
Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding
In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth.
Episode Highlights:
00:18 – Introduction to Yeseni...
2025-03-25
17 min
What's in the SOSS? An OpenSSF Podcast
OpenSSF 2025 MVVSR Overview
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at GitHub, member of the OpenSSF TAC and co-chair of the OpenSSF Securing Software Repositories Working Group, to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the exciting initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry.
Chapters:
03:29...
2025-03-11
26 min
Cyber Briefing
February 27, 2025 - Cyber Briefing
👉 What's going on in the cyber world today?
🚨 #CyberAlerts
PolarEdge Botnet Targets Cisco, ASUS, QNAP and Synology Devices for Cyber Attacks (Source: Jeremy Scion, Felix Aimé via Sekoia)
GitLab Warns of High-Risk Cross-Site Scripting Vulnerabilities Exposing User Data (Source: GitLab)
Anubis Ransomware Group Emerges With Multiple Data Extortion Models (Source: Kela)
Microsoft Removes Popular VSCode Extensions Over Security Risks (Source: Amit Assaraf via ExtensionTotal on Medium)
Hackers Exploit Cross-Site Scripting Flaw in Krpano Framework to Inje...
2025-02-27
09 min
GR-OSS OUT Podcast
Security and Community with Tabatha DiDomenico
In this podcast, Tabatha and Jay discuss security, OSS communities, and the places security and community can intersect. Learn how GR-OSS works with CHAOSS and OpenSSF as part of our open source work.
Read more about:
CHAOSS https://chaoss.community/
OpenSSF https://openssf.org/
Want to use open source software to build the next big thing? Check out job vacancies at G-Research! https://www.gresearch.com/vacancies/
Special Guest: Tabatha DiDomenico.
2025-02-12
33 min
What's in the SOSS? An OpenSSF Podcast
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain
CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, to talk about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security.
01:56 - Michael explains how he got into open source
04:10 - The challenges of being a startup within the open source ecosystem
05:38 - Michael digs into his participation with SLSA and GUAC
09:13 - How maintainers can address SBOMs with GUAC
10:56 - Michael’s predictions for supply chain security and dependency management
14:26 - M...
2025-01-07
21 min
What's in the SOSS? An OpenSSF Podcast
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects
In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code.
01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency
03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives
04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest
06:51 - Sovereign Tech Agency success st...
2024-12-17
16 min
What's in the SOSS? An OpenSSF Podcast
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security
In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that works with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security.
01:00 - Michael shares his origin story into open source
02:09 - How Alpha-Omega came to be
03:48 - Alpha-Omega’s mission is catalyzing sustainable security improvements
05:16 - The four types of investments Alpha-Omega makes to catalyze change
11:33 - Michael expands on his “clean the beach” approach to impacting open source security
16:41 - The 3F framework helps manage...
2024-12-10
27 min
What's in the SOSS? An OpenSSF Podcast
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at GitHub, a member of the OpenSSF TAC and co-chair of the OpenSSF Securing Software Repositories Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”
00:48 - Jack and Zach share their backgrounds
02:59 - What package repositories are and why they’re important to open source users
04:17 - The positive impact package security has on downstream users
07:06 - Jack a...
2024-11-26
23 min
What's in the SOSS? An OpenSSF Podcast
Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents
In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services.
01:08 - Rodrigo shares his entry into open source
02:42 - Diving into the specifics of a high-profile incident
06:22 - How security researchers coordinate a response to a high-profile incident
10:33 - The benefits of a vulnerability disclosure program
11:57 - Rodrigo answers CRob's rapid-fire questions
13:43 - Advice for anyone getting into the industry
14:26 - Rodrigo's call t...
2024-11-12
16 min
Compilado do Código Fonte TV
CSS news; TikTok investigated in Brazil; AI finds a bug in SQLite; Security verification with OpenSSF; Bing raffle; Notepad with AI [Compilado #172]
In this episode we bring the news and developments from the programming world that caught our attention between 02/11 and 08/11.
📌 Black Friday with up to 40% off. After trying Insider, there is no going back. #insiderstore Unlock your discount with the coupon CODIGO15 https://codft.me/insider092024
☕ How about a discounted coffee? Veroo Café: https://codft.me/veroocafe Coupon: CODIGOFONTE - Annual plan with a special gift!
📌 Compilado Weekly Giveaway: The winner of the Compilado Weekly Giveaway was @onecio, who took home a Compilado T-shirt! You can be...
2024-11-10
54 min
What's in the SOSS? An OpenSSF Podcast
Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer”
In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset.
01:14 Stephanie shares how she got her start in security
05:41 Interesting things Stephanie has discovered since becoming more directly involved with open source
08:20 The challenge of instilling trust into those who consume open source
12:42 Stephanie answers CRob’s rapid-fire questions
14:07 Stephanie’s advice to those getting into cybersecurity
15:43 Stephanie’s call to action for lis...
2024-10-29
16 min
Open at Intel
Bridging the Gap: Open Source Security and Web Development
In this episode, Dan Appelquist of Samsung explores the intersection of open source security and web development. Drawing from his extensive experience with the World Wide Web Consortium (W3C) and initiatives like the Open Source Security Foundation (OpenSSF) and C2PA, Dan discusses the challenges and opportunities of uniting the open source security community with web developers. Emphasis is placed on the critical importance of mobile security, considering the sensitive information on mobile devices and industry best practices such as OWASP guidelines. The conversation also highlights the importance of security education, referencing resources like OpenSSF Security 101 and OWASP's global meetups...
2024-10-17
25 min
What's in the SOSS? An OpenSSF Podcast
Intel’s Katherine Druckman and the Impact of Developer Relations
In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcaster. She’s currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality 2.0 podcasts. She spent over a decade at Linux Journal. A passionate Drupalist since she first downloaded a tarball in 2005, she has also been a Drupal contributor and engineer. A...
2024-10-15
14 min
Open at Intel
From Fear to Confidence: Navigating Open Source Security
In this episode, we welcomed back Christopher Robinson, aka CRob, to discuss his extensive work in the Open Source Security Foundation (OpenSSF). We chatted about the importance of open source software security, detailing the various initiatives aimed at improving security standards. CRob shares insights into the working groups and projects within OpenSSF, focusing on their efforts to educate developers and security researchers. We also touched on the upcoming SOSS Fusion event, and its role in fostering community engagement and collaboration in open source security. We encourage listeners to join these endeavors and contribute to solving significant security challenges.
2024-10-02
25 min
What's in the SOSS? An OpenSSF Podcast
Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level
In this episode, CRob sits down with Sarah Evans, security research technologist at Dell, and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open source software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council, and at Dell she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S...
2024-10-01
16 min
What's in the SOSS? An OpenSSF Podcast
Bidding Adieu to Omkhar Arasaratnam
In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the tactics he used to engage different stakeholders.
Omkhar shares his open source origin story
02:14 - Things Omkhar is proud of during his tenure at the OpenSSF
04:36 - The challenge of keeping myriad stakeholders engaged
07:12 - Areas of...
2024-09-17
20 min
What's in the SOSS? An OpenSSF Podcast
CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source
Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. Dave and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and developers dedicated to enhancing the security of AI implementations. Additionally, Jay and Mihai are leads on the OpenSSF AI/ML Security Working Group. In this conversation, they dig into CoSAI’s goals and the potential partnership with the OpenSSF.
00:57 - Guest introductions
01:56 - Dave and Ja...
2024-09-10
22 min
SecurityWeek Podcast Series - Cybersecurity Insights
Fireside Chat: Bennett Pursell on the OpenSSF Siren Threat Intel Project
In this session SecurityWeek speaks to Bennett Pursell, Ecosystem Strategist at the Open Source Security Foundation (OpenSSF) about OpenSSF Siren, a community data-sharing initiative aimed at bolstering the defenses of open source projects worldwide. In this fireside chat, Pursell discusses the origins and goals of OpenSSF Siren, exploring transparent access to data that can help small- and medium-sized businesses during active incidents. Pursell also shares insights on the value of threat intelligence, the shelf life of IOC (indicators of compromise) and how businesses with limited resources can mitigate exposure to risk.(Recorded at SecurityWeek's 2024 Threat Detection & Incident...
2024-09-06
30 min
What's in the SOSS? An OpenSSF Podcast
GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…”
In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Depar...
2024-09-03
22 min
What's in the SOSS? An OpenSSF Podcast
CISA's Aeva Black and the Public Sector View of Open Source Security
In this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy within the Microsoft Azure Office of the CTO, and served on the OpenSSF Technical Advisory Committee, the OpenStack Technical Committee, and the Kubernetes Code of Conduct Committee. In her spare time, Aeva enjoys riding motorcycles up and down the west coast.
01:37...
2024-08-27
12 min
What's in the SOSS? An OpenSSF Podcast
Google’s Andrew Pollock and Addressing Open Source Vulnerabilities
Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.
00:52 - Andrew shares his background as a “mid-90s data nerd”
02:31 - Managing vulnerabilities in the open sour...
2024-08-13
12 min
What's in the SOSS? An OpenSSF Podcast
Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry
Bec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency and developing tools to improve digital participation.
02:57 Bec shares her day-to-day activities with the Rust Foundation
04:53 Bec on her sometimes tricky responsibilities during her time at the U.N.
06:35 How Bec communicates the...
2024-07-30
18 min
Open at Intel
The Burden of Security in Software Maintenance
In this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems.
00:00 Introduction and Guest Background
01:20 Maintainer Burnout and Security Challenges
04:41 Balancing Multiple Projects and...
2024-07-24
26 min
What's in the SOSS? An OpenSSF Podcast
Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities
Brian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial role in creating popular plugins like the maven-dependency-plugin and maven-enforcer-plugin. His leadership includes overseeing Maven Central, the world's largest repository of open-source Java components, which recently surpassed a trillion downloads annually. As a Governing Board member for the Open Source Security Foundation, Brian actively c...
2024-07-16
22 min
What's in the SOSS? An OpenSSF Podcast
Arun Gupta and Giving Back to Security Communities
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute, and collaborate effectively.
On July 9th and 10th, the OpenSSF will attend the 2024 OSPOs for Good symposium hosted by the UN. What’s in the SOSS? co-host Omkhar Arasaratnam and Arun will lead a session called “Engaging the Open Source Community.”
Foll...
2024-07-02
22 min
What's in the SOSS? An OpenSSF Podcast
Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX
The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process. Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of severa...
2024-06-18
18 min
What's in the SOSS? An OpenSSF Podcast
A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?
Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the OpenSSF's Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What's in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the financial, medical, legal, and manufacturing verticals. He also spent six years helping lead the Red Hat Product Security team as their Program Architect.
00:57 - CRob's day-to-day activities and his affiliation with the OpenSS...
2024-06-11
20 min
What's in the SOSS? An OpenSSF Podcast
OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security
Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain.
00:40 - Matt's duties at OpenAI
01:52 - Matt's accidental journey into cybersecurity
05:18 - The intersection of AI and open source
06:45 - Matt's thoughts on how AI can help security professionals
08:53 - Details on the AI Cyber Challenge (AIxCC)
10:53 - Matt answers Omkhar'...
2024-06-04
14 min
Redefining CyberSecurity
Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin
Guests:
Omkhar Arasaratnam, General Manager, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/omkhar/
Adrianne Marcum, Technical Project Manager, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/adriannefranscinimarcum
Arun Gupta, VP/GM Open Ecosystem at Intel, Governing Board Chair, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/arunpgupta/
On Twitter | https://twitter.com/arungupta
Christopher Robinson, Chairperson of the Technical Advisory Council, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/darthcrob/
____________________________
Host: Sean M...
2024-05-23
42 min
ITSPmagazine Podcasts
Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin
Guests:
Omkhar Arasaratnam, General Manager, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/omkhar/
Adrianne Marcum, Technical Project Manager, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/adriannefranscinimarcum
Arun Gupta, VP/GM Open Ecosystem at Intel, Governing Board Chair, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/arunpgupta/
On Twitter | https://twitter.com/arungupta
Christopher Robinson, Chairperson of the Technical Advisory Council, OpenSSF [@openssf]
On LinkedIn | https://www.linkedin.com/in/darthcrob/
____________________________
Host: Sean M...
2024-05-23
42 min
What's in the SOSS? An OpenSSF Podcast
Eric Brewer and the Future of Open Source Security
In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He's also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s.
01:15 - Eric discusses his background
03:14 - Improving security in a corporate vs. open source environment
05:58 - Advancements Eric has noticed in open source in recent years
07:17 - How to make software repositories more secure
08:58 - The next big...
2024-05-21
16 min
What's in the SOSS? An OpenSSF Podcast
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security
In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft's cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He's a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark's also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books.
00:36 - Mark on his role at Azure
01:30 - Where AI is headed and its impact on enterprises
04:06 - The task of teaching a mach...
2024-05-07
17 min
What's in the SOSS? An OpenSSF Podcast
Christoph Kern and the Challenge of Keeping Google Secure
In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google's Information Security Engineering organization. Christoph helps to keep Google's products secure and users safe. His main focus is on developing scalable, principled approaches to software security.
00:42 - Christoph offers a rundown of his duties at Google
01:38 - Google's general approach to security
03:02 - What Christoph describes as "stubborn vulnerabilities" and how to stop them
06:42 - An overview of Google's security ecosystem
10:00 - Why memory safety is so important
12:23 - Solving memory safety problems via languages
16:23 - Omkhar's rapid-fire questions
18:28 - Why Christoph...
2024-04-23
20 min
Nerding Out With Viktor
Mastering OpenSSF Scorecards & SBOMs with Chris Swan
Join Viktor Petersson on this episode of Nerding Out with Viktor as he dives into the world of open source security with guest Chris Swan, a seasoned engineer at Atsign. Together, they explore the critical role of SBOMs (Software Bill of Materials) and OpenSSF Scorecards in securing software and promoting transparency. Chris shares his expertise on how Atsign harnesses these tools to safeguard their networking platform and build trust with users. The conversation shines a light on the importance of OpenSSF within the Linux Foundation, highlighting Atsign's adoption of scorecards as a testament to their commitment to security...
2024-04-22
1h 00
Nerding Out With Viktor (audio only)
Mastering OpenSSF Scorecards & SBOMs with Chris Swan
Join Viktor Petersson on this episode of Nerding Out with Viktor as he dives into the world of open source security with guest Chris Swan, a seasoned engineer at Atsign. Together, they explore the critical role of SBOMs (Software Bill of Materials) and OpenSSF Scorecards in securing software and promoting transparency. Chris shares his expertise on how Atsign harnesses these tools to safeguard their networking platform and build trust with users. The conversation shines a light on the importance of OpenSSF within the Linux Foundation, highlighting Atsign's adoption of scorecards as a testament to their commitment to security...
2024-04-22
1h 00
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday April 18th, 2024
AgentTesla via PDF; GlobalProtect Updates; Open Source Takeovers; OpenMetaData Attacks
Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
OpenMetaData Attacks https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
keywords: openmetadata; social engineering; open source; openssf; openjs; pan; globalprotect; pdf; agenttesla
2024-04-18
05 min
What's in the SOSS? An OpenSSF Podcast
Vincent Danen and the Art of Vulnerability Management
Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He's also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.
Links:
Vincent Danen's LinkedIn page
Red Hat Product Security Vulnerability Management
OpenSSF Security Toolbelt
2024-04-11
18 min
What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? Preview
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, Omkhar has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. In this short preview, Omkhar offers a sneak peek into the coming What's in the SOSS? p...
2024-03-26
00 min
Application Security Weekly (Video)
GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278
The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more! Show Notes: https://securityweekly.com/asw-278
2024-03-25
32 min
Paul's Security Weekly (Audio)
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the Security News: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock...
2024-03-14
2h 48
Security Weekly Podcast Network (Audio)
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf In the Security News: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock...
2024-03-14
2h 48
Paul's Security Weekly (Video)
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-measurable-software/ https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf Show Notes: https://securityweekly.com/psw-820
2024-03-14
52 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday February 13th, 2024
Mirai vs BYTEVALUE; Targeted Cloud Attack; Repo Security; PostgreSQL Vuln; Comma vs MSFT Defender
Exploit Against Unnamed BYTEVALUE Router Vulnerability Included in Mirai https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Partners With OpenSSF To Secure Software Repositories https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
keywords...
2024-02-13
05 min
AppSec Now
Episode 13: August, 2023 - OpenSSF / Hacker Summer Camp
Join Aubrey King, from DevCentral, as he talks with a record number of guests - 8 - for August, 2023 This Month In Security! Topics are OpenSSF and "Hacker Summer Camp" in Las Vegas (B-Sides, BlackHat, Defcon), as well as the latest news. You'll hear from David Wheeler, from the Linux Foundation, Akira Brand, from Application Security Weekly podcast and F5'ers Buu Lam, Christine Abernathy, Trishan DeLanerole, Aaron Brailsford, Malcolm Heath and Sander Vinberg! 00:00:00 Introduction 00:02:55 Aubrey & Akira chat Ops and OpenSSF 00:06:48 OpenSSF Update w/ David Wheeler 00:24:11 B-Sides LasVegas & Defcon 2023 Report 00:35:54 BlackHat 2023 Report 00:43:12 Aubrey & Akira chat SecOps Perspectives 00:46:13 The Latest CyberSecurity...
2024-01-11
1h 01
Open at Intel
The Art of Open Source: A Conversation with Stephen Augustus
Stephen Augustus, the Head of Open Source at Cisco, shares his experiences and insights about contributing to and maintaining open source projects including Kubernetes and OpenSSF Scorecard. Stephen highlights the importance of building sustainable practices and the value of having product, program, and project management skills in open source projects. Discussions delve into the inner workings of the Kubernetes project, the role and functionality of the OpenSSF Scorecard, and the process of incorporating new contributors and projects. He further emphasizes the importance of transparency and intentionality in corporations' involvement in open source projects. 00:00 Introduction and Guest Background
2023-12-06
30 min
Cyber Briefing
October 18, 2023 - Cyber Briefing
👉 What's trending in cybersecurity today?
🚨 #CyberAlerts
Fake IT-Alert Service Spreads SpyNote Android Malware (Source: d3lab.net)
Critical Vulnerabilities in Open Source CasaOS Cloud Software Pose Security Risk (Source: Sonar Research)
ClearFake Malware Threat Exploiting Fake Browser Updates (Source: Proofpoint)
Critical Vulnerabilities in Weintek HMIs Raise Security Concerns (Source: Cybersecurity and Infrastructure Security Agency)
Critical Synology DSM Vulnerability Enables Admin Password Decryption (Source: Synology)
💥 #CyberIncidents
Major Ransomware Attack Hits TV Advertising Sales Giant Ampersand Sour...
2023-10-18
12 min
It's 5:05! Daily cybersecurity and open source briefing
Episode #245: npm Typo-Squat Deploys RootKits; Software Supply Chain: What Matters to an Architect; Security During Software Creation; OpenSSF Scorecards for Open Source
🎙️ Free, ungated access to all 235+ episodes of "It's 5:05!" on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You're welcome to repost if your followers will find this of value.
The stories we're covering today.
Marcel Brown: October 6th, 1942. Chester Carlson is issued a patent on a process called electrophotography, now commonly known as photocopying. It was not until 1946 that a company had any interest in pursuing photocopying commercially.
Edwin Kwan: A malicious component in the npm package registry has been found to be deploying an open-source rootkit. This incident is a reminder that developers need to take caution...
2023-10-06
14 min
Application Security Weekly (Video)
A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257
Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more! Show Notes: https://securityweekly.com/asw-257
2023-10-03
39 min
Buongiorno da Edo
AWS acquires Fig and shuts down EC2-Classic, and other news - Buongiorno 127
A ton of news: we start with AWS acquiring Fig and shutting down EC2-Classic, then the RISC-V patent alliance in China to counter sanctions, the OpenTF fork finally going public, the Open Source Consumption Manifesto from the OpenSSF, and finally updates from the W3C on CSS Transitions. #aws #fig #ec2 #riscv #opentf #oscm #openssf #w3c === Podcast Anchor - https://anchor.fm/edodusi Spotify - https://open.spotify.com/show/4B2I1RTHTS5YkbCYfLCveU Apple Podcasts - https://podcasts.apple.com/us/podcast/buongiorno-da-edo/id1641061765 Google Podcasts - https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy9iMWJmNDhhM...
2023-09-07
23 min
Power Moment with Paula Lamas
Challenges and opportunities for being resilient in the digital era
In this increasingly interconnected world, open source software is the foundation of everything from financial systems to public services. Because software enables modern life and drives productivity, it also creates an expanding attack surface for people with bad intentions. The lack of tools capable of protecting systems becomes more evident with every news report of cyberattacks affecting millions of people. The cybersecurity firm Check Point already compares it to a cyber pandemic...
2023-08-20
29 min
The Cyber Ranch Podcast
The Open Source Security Foundation with Omkhar Arasaratnam
The OpenSSF is doing invaluable work for the cybersecurity community. And their new managing director happens to be Omkhar Arasaratnam, whose appearance on the show a while back created one of our most popular episodes ever! Omkhar is back to talk about the OpenSSF: What is the OpenSSF and how does it relate to the Linux Foundation? What is the organization's mission? What is the organization's vision? What exciting projects are taking place (and a sneak peek about some upcoming announcements at Black Hat!) What mark do you want to leave on the OpenSSF as Managing Director? Om...
2023-08-02
31 min
Open Source Security
What's next for open source?
Josh and Kurt talk about some of the efforts to measure and understand open source. There are projects like the OpenSSF Scorecard. We want to measure open source for some idea of quality. Is AI generated code better than a random open source project found on GitHub? Can we track the countries contributors are from? These are all interesting problems that everyone will have to deal with soon. Show Notes OpenSSF Scorecard
2023-07-17
41 min
Three Buddy Problem
OpenSSF GM Omkhar Arasaratnam on open-source software security
Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run)
New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.
Links:
OpenSSF Welcomes New General Manager
OpenSSF Alpha-Omega
CSRB report on Log4j
Big Tech Object to US Gov SBOM Mandate
Omkhar Arasaratnam on LinkedIn
2023-07-05
36 min
Resilient Cyber
S4E22: Omkhar Arasaratnam - OSS and OpenSSF
You are now at the Open Source Security Foundation - but you have a ton of experience (even as a former IBMer) from Google, to JPMorgan, and financial institutions through architecture, management, and engineering. Can you talk a little bit about your leadership journey? Let's dig into OpenSSF a bit more - we're only seeing an increase in software supply chain attacks - what is driving the OpenSSF and any particular threats you're concerned with at the moment? We know the OpenSSF has focused heavily on securing OSS and the ecosystem and even launched the OS...
2023-06-23
41 min
ConversingLabs Podcast
How Do You Trust Open Source Software?
In this episode, host Paul Roberts chats with Naveen Srinivasan, an OpenSSF Scorecard Maintainer, about his talk at this year’s RSA Conference on how to better trust open source software. In their conversation, Naveen explains how the OpenSSF Scorecard tool can help developers understand the security posture of open source dependencies.
2023-06-14
15 min
Techstrong 55
Episode #79 - Techstrong 55, Thursday, June 8, 2023
Hello everyone and welcome to Techstrong 55. Today is Thursday, June 8th, and I am your host William Willis. In today’s show, we will hear about the intersection of open-source software and DevOps with David Sandilands and Ben Ford from Puppet. Then, we will hear about exciting research and ongoing work within the OpenSSF with Yesenia Yser and Jonathan Leitschuh from the OpenSSF. Finally, we will hear about the launch of AWS Multi Account Support with Toni de la Fuente from Prowler Pro. Without further ado, let's get the show started. Enjoy. In thi...
2023-06-08
1h 03
Security Weekly Podcast Network (Audio)
PSW #770 - Brian Behlendorf
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared res...
2023-01-27
2h 47
Paul's Security Weekly (Audio)
PSW #770 - Brian Behlendorf
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and faulty evaluations, 31 new CPU vulnerabilities for AMD, a look into Chrome, santa, not-so-secure secure booting, and malware included! Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared res...
2023-01-27
2h 47
Paul's Security Weekly (Video)
How Do We Raise the Floor for Software Quality? - Brian Behlendorf - PSW #770
Open source is the bedrock of most of the world’s software today, so how to raise the floor on software quality across the industry? First, we need better tools to measure the trustworthiness of code based on objective measures, processes that encourage better security practices by developers, and tools and processes that encourage teamwork and shared responsibility for security. Several efforts are underway in major open source communities to address these issues. At the Open Source Security Foundation (OpenSSF), major companies, open source software maintainers, startup companies and government actors are working together to improve open source software su...
2023-01-26
58 min
Linux Inlaws
LI_S01E76_FLOSS_in_Healthcare
In this episode, Martin and Chris host an industry veteran to get the user's side perspective on FLOSS usage especially from a health provider perspective. As FLOSS components are a vital part of any of today's enterprise IT systems, medical providers and health care in general are no exception apart from the much higher regulatory and compliance requirements this industry postulates. The discussion centers around these requirements and how to fulfil them in addition to a more security-focussed conversation as these medical IT systems present a prime target for attackers not only due to the sensitive personal information many of...
2023-01-26
00 min
We Speak CVE
Coordinated Vulnerability Disclosure
Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities.OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The CVD Guide was released by OpenSSF’s Vulnerability Disclosure working group in September 2022, which in 2021 released its “Guide to Implementing a Coordinated Vu...
2022-12-30
23 min
Application Security Weekly (Video)
Text4Shell, GUAC for SLSA, OpenSSF Scorecards, Toner Deaf, OWASP Elections - ASW #217
Text4Shell isn't a new patching hell, using supply chain info with GUAC, OpenSSF Scorecards and metrics, Toner Deaf firmware persistence, upcoming OWASP Board Elections, Chrome browser exploitation Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw217
2022-10-26
40 min
Enterprise Security Weekly (Video)
The State of Software Supply Chain Security and Trends in Managing Threats - Eric Tice - ESW #292
Discuss the current state of the industry as it relates to the threats to application usage of open source. Understand what is being done to define risk, improve education and provide ways to proactively mitigate those risks. Segment Resources: https://openSSF.org https://openssf.org/oss-security-mobilization-plan/ https://slsa.org https://github.com/ossf/wg-best-practices-os-developers https://github.com/ossf/education/tree/main/plan https://github.com/ossf/sirt https://www.brighttalk.com/webcast/15811/528611?utm_source=brighttalk-portal&utm_medium=web&utm_content=eric%20t...
2022-10-14
44 min
The New Stack Podcast
Inside a $150 Million Plan for Open Source Software Security
AUSTIN, TEX. —Everyone uses open source software — and it's become increasingly apparent that not nearly enough attention has been paid to the security of that software. In a survey released by The Linux Foundation and Snyk at the foundation's Open Source Summit in Austin, Tex., this month, 41% of organizations said they aren't confident in the security of the open source software they use.At the Austin event, The New Stack's Makers podcast sat down with Brian Behlendorf, general manager of Open Source Security Foundation (OpenSSF), to talk about a new plan to attack the problem f...
2022-06-29
12 min
Open Source Security
Is one open source maintainer enough?
Josh and Kurt talk about a recent OpenSSF issue that asks the question how many open source maintainers should a project have that's "healthy"? Josh did some research that shows the overwhelming majority of packages have one maintainer. What does that mean? Show Notes OpenSSF TAC Issue 101
2022-05-30
35 min
Application Security Weekly (Video)
Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197
This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw197
2022-05-18
40 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Tuesday May 3rd, 2022
VSTO Office Files; Gmail SMTP Relay; OpenSSF Package Analysis; M1 Prefetcher Leak
Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak https://www.prefetchers.info
keywords: M1; apple; prefetcher; openssf; gmail; smtp; vsto; office
2022-05-03
05 min
In the Open with Luke and Joe
Open source software, cybersecurity, and OpenSSF | Jamie Thomas, Chair, OpenSSF
As General Manager of Strategy and Development, IBM Systems, Jamie Thomas sets the direction for IBM Systems, Power, Z, and Storage systems. She also currently serves as Board Chair of the Open Source Security Foundation. In her leadership roles, Jamie is uniquely positioned to provide insight on what lies ahead for open source development, software, and the systems that serve as the technology backbone for companies around the world. Jamie joins hosts Luke Schantz and Joe Sepi to talk about her storied career at IBM and what lies ahead for the technology that helps most large organizations r...
2022-04-14
49 min
IBM Developer Podcast
Open Source Security Foundation | Interview with Brian Behlendorf, GM, OpenSSF
Brian Behlendorf is the General Manager of the Open Source Security Foundation. Brian has dedicated his career to connecting and empowering the free software and open source community to both solve difficult technology problems and have a positive impact on society. From startup company founder, to advisor to the U.S. government, to non-profit board member and employee of the World Economic Forum, he's been at the forefront of the open source software revolution. Join hosts Luke Schantz and Joe Sepi as they get Brian's take on the latest open source software developments. As the recent Log4J...
2022-02-23
49 min
Open Source Security
The bright future of open source security
Josh and Kurt talk about NPM requiring 2FA for the top 100 packages. We discuss the new Alpha and Omega projects from the OpenSSF and what it could mean for the future of open source security. Then we end on a note about the new Samba critical vulnerability. Show Notes NPM requires 2FA OpenSSF Alpha and Omega David A. Wheeler episode Linux Foundation LFX Samba Advisory
2022-02-07
31 min
Software Defined Talk
Paradox of Advice
This week we discuss Cloud Earnings, OpenSSF’s new project and Tim Bray’s take on Cloud. Plus, some thoughts on data gravity… Rundown Earnings Apple tops earnings expectations on strong iPhone sales Microsoft Azure exceeded $40 billion in annualized revenue Alphabet crushes earnings, announces 20-for-1 stock split Docker makes comeback with over $50M in ARR two years into restructuring OSS Security Open Source Security Foundation (OpenSSF) OpenSSF Announces The Alpha-Omega Project to Improve Software Supply Chain Security for 10,000 OSS Projects Citrix goes private Tim Bray’s take on Cloud Relevant to your Interests Confluent and AWS...
2022-02-04
1h 02
Open Source Security
David A Wheeler discusses the OpenSSF
Josh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job explaining how the OpenSSF works and what the 6 working groups are doing. The working group are (in no particular order): Identifying Security Threats, Security Tooling, Best Practices, Vulnerability Disclosures, Digital Identity Attestation, Securing Critical Projects. Show Notes David A Wheeler Episode 14 – David A Wheeler: CII Badges Sigstore joins the OpenSSF OpenSSF Technical Working Groups NPM requires MFA LISH Backstabber's Knife Collection: A Review of Op...
2021-11-22
38 min
Open Source Security
Scoring OpenSSF Security Scoring
Josh and Kurt talk about the release of OpenSSF Security Scorecards version 3. This is a great project that will probably make a huge difference. Most of the things the scorecards are measuring are no brainier activities. We go through the list of metrics being measured. There are only a few that we don't think are fantastic. Show Notes 4 of spades OpenSSF Chris Montgomery audio explanation Scorecard 3.0.0 Scoring criteria Python Skeleton
2021-10-18
34 min
DevOps and Docker Talk: Cloud Native Interviews and Tooling
Containerd with Phil Estes
🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://courses.bretfisher.com/waitlist 🍾 Phil Estes from AWS joins Bret to talk about containerd/state of the project, Docker Desktop alternatives and how developers are using containerd, OpenSSF, and supply chain security, and how containers will play a role. There's a lot of...
2021-10-15
1h 01
Sudo Show
35: Busting Open Source Security Myths
Eric and Brandon sit down and look into some of the biggest security myths around Open Source software and one by one debunk them right on the show! Destination Linux Network Sudo Show Website Sponsor: Bitwarden Sponsor: Digital Ocean Sudo Show Swag Contact Us: DLN Discourse Email Us! Sudo Matrix Room Heartbleed Sophos: Venom Virtual Machine Escape Bug Tidelift Blog: More than Half of Maintainers Have Quit or Considered Quitting, and Here’s Why Jaeger Tracing Article: Measure the Health of Open So...
2021-09-30
34 min
Google Cloud Platform Podcast
Secure Software Supply Chain with Nikhil Kaul and Victor Szalvay
This week on the podcast, hosts Stephanie Wong and Bukola Ayodele speak with Nikhil Kaul and Victor Szalvay about security in the software supply chain. Cloud OnAir will be offering a virtual event on supply chain software security on July 29th, and our guests start the show by telling us more about it. The recent cyber attacks on US companies have brought to light the importance of cyber security. A new set of guidelines for securing these components and software as a whole will be released soon, impacting not just software developers but the users as well...
2021-07-21
33 min
IT i TO
#06: Engineering Manager at a unicorn - Marcin Hoppe
Unicorns fire up the imagination when it comes to their funding, but what does their everyday life look like? In this episode I talk with Marcin Hoppe, engineering manager at Auth0, a company described as a "unicorn". You will learn from it not only how unicorns are ridden in everyday work, but also: • What working at a unicorn, that is a company valued at over 1 billion dollars, looks like • Three reasons why a developer should not build their own security solution • Remote work in an international environment across many time zones and cultures, and how it...
2021-04-16
1h 04
Dave & Gunnar Show
Episode 212: Security Requires Thinking (His Monkey, His Circus)
This week Dave and Gunnar talk with Dr. David A. Wheeler about what’s new at the Linux Foundation, a brand-new free course on developing secure software, some survey results, and recent news concerning SolarWinds. Open Source Security Foundation (OpenSSF) of the Linux Foundation replaces the Core Infrastructure Initiative (CII) and has several working groups Secure Software Development Fundamentals Courses The Linux Foundation’s Core Infrastructure Initiative (CII) Badge Program is now part of the OpenSSF Best Practices Working Group Project statistics, now >3,500 participating projects & >500 passing badges If you develop OSS, make sure your projects are pursuing a badg...
2021-01-26
49 min