Python Security with Seth Larson
Open Source Security24 Marras 2025

Python Security with Seth Larson

In this episode Seth Larson gives us a cornucopia of topics relating to Python security. Seth discusses the Python Software Foundation's decision to reject a significant grant NSF. Diversity is a big deal to python, so this was a no brainier. We discuss the upcoming PyCon US conference, featuring a new security track that fosters collaboration between developers and security experts. Josh is a huge fan of having a security track at developer conferences. And we close on a paper about zip and tar archives Seth wrote. It seems like we should have zip and tar security figured out by now, but we don't. Thankfully Seth is working on it.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-11-python-security-seth-larson/

Jaksot(526)

Open Source Pledge with Vlad-Stefan Harbuz

Open Source Pledge with Vlad-Stefan Harbuz

Josh has a discussion with Vlad-Stefan Harbuz about the Open Source Pledge as well as his recent FOSDEM talk. The Open Source Pledge is all about trying to build a sustainable universe for open source...

27 Huhti 34min

Building a plan for disaster with David Bernstein

Building a plan for disaster with David Bernstein

Josh welcomes back David Bernstein to talk about creating a disaster recover plan. It's a very timely topic given all the current events. There are more supply chain attacks and compromises than ever ...

20 Huhti 39min

Open Source Malware with Paul McCarty

Open Source Malware with Paul McCarty

Josh talks to Paul McCarty of Open Source Malware about ... open source malware. Paul explains why there aren't many good open source malware datasets. We discuss why the existing data is lacking for ...

13 Huhti 38min

Package management challenges with Andrew Nesbitt

Package management challenges with Andrew Nesbitt

Josh welcomes back Andrew Nesbitt to discuss some recent blog posts he wrote about the challenges of new ecosystems as well as challenges of no ecosystems like C. There aren't very many people who loo...

6 Huhti 36min

Open Source Security at scale with Michael Winser

Open Source Security at scale with Michael Winser

Josh talks to Michael Winser about a talk he gave at FOSDEM as well as his work on Alpha Omega at the Linux Foundation. Michael is approaching open source security in a way that nobody has ever tried ...

30 Maalis 42min

2026 State of the Software Supply Chain with Brian Fox

2026 State of the Software Supply Chain with Brian Fox

Josh chats with Brian Fox from Sonatype about their 2026 State of the Software Supply Chain report. Most of the number continue to grow at alarming rates, but there's some new interesting findings in ...

23 Maalis 35min

MCP and Agent security with Luke Hinds

MCP and Agent security with Luke Hinds

Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke's new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We ...

16 Maalis 35min

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discuss the challenges posed by modern OpenSSL. We discuss the statemen...

9 Maalis 33min