Episode 286 - Open source supply chain with Google's Dan Lorenc

In this episode Jan Pleskac, CEO and co-founder of Tropic Square, shares insights on the challenges and innovations in creating open and auditable hardware. While most hardware is very closed, Tropic ...

21 Jul 202530min

I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs ...

23 Jun 202536min

Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate wo...

16 Jun 202549min

I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools li...

9 Jun 202533min

I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is...

2 Jun 202535min

Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishi...

26 Mai 202534min

I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges around...

19 Mai 202533min

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent secur...

12 Mai 202531min