Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
Checked 2d ago
Added one year ago
Content provided by OpenSSF. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by OpenSSF or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to What's in the SOSS? An OpenSSF Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
A podcast about web design and development.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
V
Via Podcast
1 Close Encounters with UFO Hot Spots: Area 51, Roswell, and the Great ET Road Trip 39:50
39:50 
Play Later 
Play Later 
Lists 
Like 
Liked39:50
Play Later
Play Later
Lists
Like
LikedThe truth is out West! We’re hopping on the ET Highway and venturing to the most notorious alien hot spots, including Roswell’s infamous crash site, Area 51’s eerie perimeter, and a mysterious desert watchtower. Join us as journalist Laura Krantz, host of the podcast Wild Thing , beams up to share stories from the front lines of UFO reporting—from strange sightings and quirky festivals to a mailbox where people leave letters to extraterrestrials. Maybe you’ll even decide for yourself: Is Earth a tourist stop for spaceships? UFO hot spots you’ll encounter in this episode: - UFO Watchtower (near Great Sand Dunes National Park, Colorado) - Roswell, New Mexico - Area 51, Nevada - Extraterrestrial Highway (aka State Route 375), Nevada - Little A’Le’Inn, ET Highway, Nevada - E.T. Fresh Jerky, ET Highway, Nevada - Alien Research Center, ET Highway, Nevada - The Black Mailbox, ET Highway, Nevada Via Podcast is a production of AAA Mountain West Group .…
Google’s Andrew Pollock and Addressing Open Source Vulnerabilities
Manage episode 433932135 series 3564832
Content provided by OpenSSF. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by OpenSSF or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.
- 00:52 - Andrew shares his background as a “mid-90s data nerd”
- 02:31 - Managing vulnerabilities in the open source ecosystem
- 03:57 - How to navigate inconsistent metadata
- 06:26 - The challenge of source attribution
- 07:54 - The rapid-fire round
- 09:15 - Andrew’s advice to open source developers
- 10:22 - Andrew’s call to action to developers
Episode links:
33 episodes
ShareManage episode 433932135 series 3564832
Content provided by OpenSSF. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by OpenSSF or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation.
- 00:52 - Andrew shares his background as a “mid-90s data nerd”
- 02:31 - Managing vulnerabilities in the open source ecosystem
- 03:57 - How to navigate inconsistent metadata
- 06:26 - The challenge of source attribution
- 07:54 - The rapid-fire round
- 09:15 - Andrew’s advice to open source developers
- 10:22 - Andrew’s call to action to developers
Episode links:
33 episodes
All episodes
×
1 Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes 19:49
19:49 Play Later Play Later Lists Like Liked19:49
Play Later Play Later Lists Like LikedIn this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC. Chapters: 00:00 – Introduction 01:30 – Career Journey 03:10 – Navigating DEIA in Today’s Landscape 07:49 – TED Talk Inspiration: Star Wars & DEI 11:31 – The TED Experience 13:12 – The TED Talk Message 14:38 – Favorite Yoda Quote 16:34 – Rapid Fire Round 18:37 – Final Thoughts 19:10 – Outro Episode links: Dr. Eden-Reneé Hayes LinkedIn Dr. Eden-Reneé Hayes Ted Talk: Yoda's Jedi Mind Tricks for Rethinking DEI | TEDxWaldenPond Join the BEAR Working Group Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry. Chapters: 00:00 Introduction to Open Source and LF Education 02:59 Clyde's Journey into Open Source 05:54 The Role of LF Education in Open Source 09:00 Cybersecurity and the Global IT Cyber Skills Framework 11:59 Framework Development and Industry Collaboration 15:13 Continuous Learning and Community Engagement Episode links: Clyde’s Linkedin Linux Foundation Training Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Scaling Security: Inside the GitHub Securing Open Source Software Fund 26:48
26:48 Play Later Play Later Lists Like Liked26:48
Play Later Play Later Lists Like LikedIn this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10K stipend to scale security best practices. The trio also shares the origins of the fund, surprising takeaways from the first cohort, and what’s next for this rapidly growing initiative. Chapters: 00:00 – Introduction 00:58 – Meet the Guests 02:26 – Open Source Origin Stories 06:10 – The Spark Behind the SOS Fund 10:19 – What Participating in the Fund Looks Like 12:39 – Inside the Curriculum 14:50 – Unique Program Design & Outcomes 16:23 – Key Learnings from the First Cohort 19:09 – Feedback & Areas to Improve 21:50 – What’s Next for the Fund 23:00 – Rapid Fire Round 24:23 – Call to Action Episode links: Kevin Crosby LinkedIn Xavier René-Corail LinkedIn GitHub Secure Open Source Fund May is Maintainer Month with the theme of Securing Open Source Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter 21:13
21:13 Play Later Play Later Lists Like Liked21:13
Play Later Play Later Lists Like LikedIn this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work with CNCF and Platform Engineering Day, and her passion for inclusion and authenticity. Whether you're curious about how to get started in open source or want insight into how community shapes security, this episode is for you. Chapters: 00:00 – Welcome + Introduction 01:06 – Stacey’s Origin Story in Open Source 03:10 – Discovering Community Management at Weaveworks 04:02 – Projects and Evolution Across CNCF and Beyond 05:44 – Co-Chairing Platform Engineering Day 09:06 – Being Openly Queer in Open Source 13:10 – What Stacey Hopes to Bring to OpenSSF 16:20 – Rapid Fire Round 17:36 – Final Thoughts Episode links: Stacey Potter’s LinkedIn page OpenSSF.org/events OpenSSF Community Day Japan OpenSSF Community Day North America OpenSSF Community Day India OpenSSF Community Day North America OpenSSF Community Day Europe Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Secure Software Starts with Awareness: Education & Open Source with the Council of Daves 24:46
24:46 Play Later Play Later Lists Like Liked24:46
Play Later Play Later Lists Like LikedIn this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape. Whether you're a developer, manager, or just open source curious, this is your crash course in why security training matters more than ever. 📚 Episode Chapters: Intro & Meet the Council of Daves (0:16) Open Source Origin Stories (1:22) The Role of the Education SIG (4:05) Why Secure Software Education Is Critical (6:30) Inside the LFD121 Secure Development Course (8:01) Training Managers on Secure SDLC Practices (12:24) Why AI Makes Education More Important, Not Less (13:53) What’s Next in Security Education: CRA 101 and More (16:04) Rapid Fire Round: VI vs. EMACS, Tabs or Spaces & Mascots (20:20) Final Thoughts & Call to Action (22:04) Episode links: Dave Russo LinkedIn David Wheeler LinkedIn OpenSSF Free Training : LFD121: Developing Secure Software LFD125: Security for Software Development Managers LFEL1001: Understanding the EU Cyber Resilience Act (CRA) Get involved with the OpenSSF Subscribe to the OpenSSF Newsletter Follow the OpenSSF on LinkedIn…
1 Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF 11:25
11:25 Play Later Play Later Lists Like Liked11:25
Play Later Play Later Lists Like LikedIn this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation. 00:21 Welcome & Introductions 00:57 Steve’s Tech Journey 03:13 Why OpenSSF? 05:02 The Role of Security & Strategic Vision 08:17 Rapid Fire & Final Thoughts…
1 JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale 17:49
17:49 Play Later Play Later Lists Like Liked17:49
Play Later Play Later Lists Like LikedRobin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem. Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/ Chapters: 0:00 JavaScript's Critical Web Presence 0:51 Robin Ginn Introduces OpenJS Foundation 2:01 Core Challenges Facing JavaScript Ecosystem 4:12 Managing Older Projects and Outdated Software 8:23 Solutions and Security Improvements 12:12 Individual Impact and Community Involvement 14:35 Wrap-Up and Call to Action Episode links: Robin Bender Ginn LinkedIn page OpenJS website OpenJS YouTube channel OpenJS Slack channel Learn more and register for JSConf North America Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding 17:18
17:18 Play Later Play Later Lists Like Liked17:18
Play Later Play Later Lists Like LikedIn this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth. Episode Highlights: 00:18 – Introduction to Yesenia Yser 00:55 – Yesenia's open source origin story 03:30 – From cybersecurity professional to jiu-jitsu practitioner 05:56 – Building a personal brand in tech and beyond 09:04 – Advocating diversity in tech through the BEAR group 12:40 – Fun rapid-fire round (VI or Emacs, Coke or Pepsi, favorite open source mascot, spicy vs. mild food, and more) 13:52 – Yesenia joins as new co-host of "What's in the SOSS?" 15:39 – Advice for breaking into open source and cybersecurity Connect with Yesenia: Yesenia Yser on LinkedIn The Lioness Instincts Get Involved with the OpenSSF: Subscribe to the OpenSSF newsletter Join the OpenSSF an upcoming Community Day Watch BEAR Community Office Hours on YouTube…
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the exciting initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry. Chapters: 03:29 Key Lessons from Open Source Security in 2024 08:29 MVSR: Mission, Vision, Strategy, and Roadmap 13:41 Importance of Strategy and Roadmap in OpenSSF 17:48 Roadmap Items for Community Collaboration 20:02 Key Resources and Courses for Developers 22:09 Exciting Opportunities Ahead for 2025 Episode links: Arun’s Linkedin Zach’s Linedkin 2024 Annual Report Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain 21:06
21:06 Play Later Play Later Lists Like Liked21:06
Play Later Play Later Lists Like LikedCRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security. 01:56 - Michael explains how he got into open source 04:10 - The challenges of being a startup within the open source ecosystem 05:38 - Michael digs into his participation with SLSA and GUAC 09:13 - How maintainers can address SBOMs with GUAC 10:56 - Michael’s predictions for supply chain security and dependency management 14:26 - Michael answers CRob’s rapid-fire questions 15:32 - Advice for those entering the cybersecurity or open source development spaces 17:50 - Michael’s call to action Links: Michael Liberman on LinkedIn Kusari homepage GUAC homepage on OpenSSF SLSA homepage on OpenSSF Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects 16:47
16:47 Play Later Play Later Lists Like Liked16:47
Play Later Play Later Lists Like LikedIn this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code. 01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency 03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives 04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest 06:51 - Sovereign Tech Agency success stories 09:09 Plans for the Sovereign Tech Agency in 2025 11:54 – Tara answers CRob’s rapid-fire questions 13:54 - Advice to those entering open source development or security field 14:55 - Tara’s call to action for listeners Episode links: Tara Tarayikee on Linkedin Sovereign Tech Agency homepage Apply for Sovereign Tech Fund investment Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…
1 Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security 27:15
27:15 Play Later Play Later Lists Like Liked27:15
Play Later Play Later Lists Like LikedIn this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shares his origin story into open source 02:09 - How Alpha-Omega came to be 03:48 Alpha-Omega’s mission is catalyzing sustainable security improvements 05:16 - The four types of investments Alpha-Omega makes to catalyze change 11:33 - Michael expands on his “clean the beach” approach to impacting open source security 16:41 - The 3F framework helps manage upstream dependencies effectively 21:13 - Michael answers CRob’s rapid-fire questions 23:06 - Michael’s advice to aspiring development and cybersecurity professionals 24:44 - Michael’s call to action for listeners Links Michael Winser on LinkedIn Alpha-Omega homepage OpenSSF on LinkedIn Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…
1 Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security 23:44
23:44 Play Later Play Later Lists Like Liked23:44
Play Later Play Later Lists Like LikedCRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.” 00:48 - Jack and Zach share their backgrounds 02:59 - What package repositories are and why they’re important to open source users 04:17 - The positive impact package security has on downstream users 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document 11:18 - Future endeavors of the Securing Software Repositories Working Group 17:32 - Jack and Zach answer CRob’s rapid-fire questions 19:31 - Advice for those entering the industry 21:28 - Jack and Zach share their calls to action Episode links: Zach Steindler on LinkedIn Jack Cable on LinkedIn OpenSSF on LinkedIn Securing Package Repositories Working Group Principles for Package Repository Security document Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…
1 Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents 16:58
16:58 Play Later Play Later Lists Like Liked16:58
Play Later Play Later Lists Like LikedIn this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 - Rodrigo shares his entry into open source 02:42 - Diving into the specifics of a high-profile incident 06:22 - How security researchers coordinate a response to a high-profile incident 10:33 - The benefits of a vulnerability disclosure program 11:57 - Rodgiro answers CRob's rapid-fire questions 13:43 - Advice for anyone getting into the industry 14:26 - Rodrigo's call to action for listeners 15:53 - The importance of the security community working together Episode links: Rodrigo Freire on LinkedIn Rodrigo's blog on Red Hat's response to the XZ incident discovery Get involved with the OpenSSF community…
1 Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer” 16:58
16:58 Play Later Play Later Lists Like Liked16:58
Play Later Play Later Lists Like LikedIn this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her start in security 05:41 Interesting things Stephanie has discovered since becoming more directly involved with open source 08:20 The challenge of instilling trust into those who consume open source 12:42 Stephanie answers CRob’s rapid-fire questions 14:07 Stephanie’s advice to those getting into cybersecurity 15:43 Stephanie’s call to action for listeners Episode links: Stephanie Domas on LinkedIn Canonical homepage White House’s M-22-18 memorandum CISA RSAA Secure Software Development Attestation Form NIST Secure Software Development Framework (SSDF) SP 800-218 Get involved with the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Intel’s Katherine Druckman and the Impact of Developer Relations 14:23
14:23 Play Later Play Later Lists Like Liked14:23
Play Later Play Later Lists Like LikedIn this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcaster. She’s currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality 2.0 podcasts. She spent over a decade at Linux Journal. A passionate Drupalist since she first downloaded a tarball in 2005, she has also been a Drupal contributor and engineer. Additionally, Katherine will be a featured speaker at SOSS Fusion/24 in Atlanta on Oct. 22-23. SOSS Fusion/24 is a collaborative and forward-thinking initiative dedicated to securing open source software. This event will bring together a diverse community of professionals from the public sector, software developers, security engineers to cybersecurity experts, CISOs, CIOs, Founders and tech pioneers. Katherine will be an active participant at SOSS Fusion/24 and will share her insight at the following presentations: Roundtable: Building Developer Confidence in Software Security with the DevRel Community, with Lori Lorusso, Percona; Tabatha DiDomenico, G-Research. Oct 22, 11:30 a.m. Keynote: Fireside Chat with Window Snyder, Founder & CEO, Thistle Technologies, Oct. 23, 9:30 a.m. Keynote: Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software, Oct. 23, 9:55 a.m. Check out the full schedule for SOSS Fusion/24. 01:42 - Katherine shares her non-traditional journey into open source 03:30 - DevRel’s definition varies, depending on the organization 06:11 - Tips for making connections with developers 08:23 - How DevRel professionals can help integrate security practices and tooling into everyday maintainer activities 09:38 - Katherine answers CRob’s rapid-fire questions 11:05 - Katherine’s belief that all knowledge can be relevant — even if it’s outside of your field 12:23 - Developers and security folks should be working together Episode links: Katherine Druckman on LinkedIn OpenSSF DevRel Community Open at Intel podcast SOSS Fusion/24 Get involved with the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level 16:24
16:24 Play Later Play Later Lists Like Liked16:24
Play Later Play Later Lists Like LikedIn this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S. Air Force. Dr. Lisa Bradley is a distinguished cybersecurity expert and visionary leader. She has earned her reputation as a trailblazer in the field of security and vulnerability management. In her current role, she oversees Dell's Product Security Incident Response Team (PSIRT), Bug Bounty Program, SBOM initiative, Dependency Management, and Security Champion and Training Programs. 02:38 How Dell is managing its ingestion and productization of open source software 04:54 The complex task of managing open source software for a company the size of Dell 06:34 The importance of executive support when implementing security initiatives 10:40 Lisa and Sarah answer CRob’s rapid-fire questions 12:40 Lisa and Sarah’s advice to aspiring developers and security professionals 14:12 Lisa and Sarah’s call to action Episode links: Lisa Bradley on LinkedIn Sarah Evans on LinkedIn Get involved in the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the tactics he used to engage different stakeholders. Omkhar shares his open source origin story 02:14 - Things Omkhar is proud of during his tenure at the OpenSSF 04:36 - The challenge of keeping myriad stakeholders engaged 07:12 - Areas of open source supply chains that public policymakers and regulators should better understand 09:44 - Some challenges ahead for the open source ecosystem 14:58 - Omkhar answers CRob’s rapid-fire questions 17:57 - Omkhar’s advice for people entering the open source community Links Omkhar Arasaratnam on LinkedIn Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source 22:47
22:47 Play Later Play Later Lists Like Liked22:47
Play Later Play Later Lists Like LikedOmkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and developers dedicated to enhancing the security of AI implementations. Additionally, Jay — along with Mihai — are leads on the OpenSSF AI/ML Security Working Group. In this conversation, they dig into CoSAI’s goals and the potential partnership with the OpenSSF. 00:57 - Guest introductions 01:56 - Dave and Jay offer insight into why CoSAI was necessary 05:16 - Jay and Mihai explain the complementary nature of OpenSSF's AI/ML Security Working Group and CoSAI 07:21 - Mihai digs into the importance of proving model provenance 08:50 - Dave shares his thoughts on future CoSAI/OpenSSF collaborations 11:13 - Jay, Dave and Mihai answer Omkhar’s rapid-fire questions 14:12 - The guests offer their advice to those entering the field today and their call to action for listeners Links David LaBianca on LinkedIn Mihai Maruseac on LinkedIn Jay White on LinkedIn CoSAI homepage OpenSSF AI/ML Security Working Group homepage Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…” 22:43
22:43 Play Later Play Later Lists Like Liked22:43
Play Later Play Later Lists Like LikedIn this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community. When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and nine kids. 01:21 Mike shares insight into transporting a family of 11 02:02 Mike’s day-to-day at GitHub 03:53 Advice on communicating supply chain risk 08:19 Transforming the “Department of No” into the “Department of Yes And…” 12:44 AI’s potential impact on secure open source software and, specifically, on software supply chains 18:02 Mike answers Omkhar’s rapid-fire questions 19:26 Advice Mike would give to aspiring security or software professionals 20:38 Mike’s call to action for listeners Links Mike Hanley on LinkedIn DARPA AI Cyber Challenge Get involved with the OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 CISA's Aeva Black and the Public Sector View of Open Source Security 12:13
12:13 Play Later Play Later Lists Like Liked12:13
Play Later Play Later Lists Like LikedIn this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy within the Microsoft Azure Office of the CTO, and served on the OpenSSF Technical Advisory Committee, the OpenStack Technical Committee, and the Kubernetes Code of Conduct Committee. In her spare time, Aeva enjoys riding motorcycles up and down the west coast. 01:37- Aeva describes a day in the life at CISA 02:38 - Details on the use of open source in the public sector 04:27 - Why open source needs corporate investment to maintain security 06:20 - Aeva shares what their second year at CISA looks like 07:58 - Aeva answers Omkhar’s rapid-fire questions 09:28 - Advice for people entering the world of security 10:16 - Certs are nice to have, but they aren’t everything 10:42 - Aeva’s call to action for listeners Episode links: Aeva Black on LinkedIn CISA Open Source Security Roadmap Get involved with the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Google’s Andrew Pollock and Addressing Open Source Vulnerabilities 12:16
12:16 Play Later Play Later Lists Like Liked12:16
Play Later Play Later Lists Like LikedEpisode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, great user experiences and self-service opportunities. He has primarily worked in Linux/Unix environments as a Site Reliability Engineer or Security Engineer, with a strong interest in process improvement and automation. 00:52 - Andrew shares his background as a “mid-90s data nerd” 02:31 - Managing vulnerabilities in the open source ecosystem 03:57 - How to navigate inconsistent metadata 06:26 - The challenge of source attribution 07:54 - The rapid-fire round 09:15 - Andrew’s advice to open source developers 10:22 - Andrew’s call to action to developers Episode links: Andrew Pollock on LinkedIn Getting to know the Open Source Vulnerability format OSV.dev Get involved in the OpenSSF community…
W
What's in the SOSS? An OpenSSF Podcast
1 Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry 18:28
18:28 Play Later Play Later Lists Like Liked18:28
Play Later Play Later Lists Like LikedBec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency and developing tools to improve digital participation. 02:57 Bec shares her day-to-day activities with the Rust Foundation 04:53 Bec on her sometimes tricky responsibilities during her time at the U.N. 06:35 How Bec communicates the importance of memory safety and Rust with stakeholders 09:47 Surprises related to organizations that are adopting Rust 11:50 Impediments to Rust adoption 13:44 Bec answers Omkhar’s rapid-fire questions 15:49 Advice Bec would give a non-technical person entering a technical field 17:09 Bec’s call to action for listeners Episode links: Bec Rumbul on LinkedIn Rust Foundation homepage Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities 22:24
22:24 Play Later Play Later Lists Like Liked22:24
Play Later Play Later Lists Like LikedBrian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial role in creating popular plugins like the maven-dependency-plugin and maven-enforcer-plugin. His leadership includes overseeing Maven Central, the world's largest repository of open-source Java components, which recently surpassed a trillion downloads annually. As a Governing Board member for the Open Source Security Foundation, Brian actively contributes to advancing cybersecurity. Working with other industry leaders, he helped create The Open Source Consumption Manifesto, urging organizations to elevate their awareness of the Open Source Software (OSS) components they use. 00:57 Brian shares his background 03:56 The confusing trend of people downloading assets on Maven with known vulnerabilities 08:16 How this trend continues in other repos 11:08 Brian and CRob discuss Log4Shell 16:54 Brian answers CRob’s rapid-fire questions 18:46 Brian’s advice for up-and-coming security professionals 19:50 Brian’s call to action Episode links: Brian Fox on LinkedIn Sonatype’s 2023 State of the Software Supply Chain Report Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Arun Gupta and Giving Back to Security Communities 22:02
22:02 Play Later Play Later Lists Like Liked22:02
Play Later Play Later Lists Like LikedArun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute, and collaborate effectively. On July 9th and 10th, the OpenSSF will attend the 2024 OSPOs for Good symposium hosted by the UN. What’s in the SOSS? co-host Omkhar Arasaratnam and Arun will lead a session called “Engaging the Open Source Community.” Following the symposium on July 11th, attendees are invited to come to a secondary event, What’s Next for Open Source? It will feature a collection of curated workshops to discover how to build and gather the skills you need to move forward with open source. Omkhar is coordinating the security track and presenting opening remarks. Arun will offer closing remarks. 02:13 - Arun’s general outlook on security and life 03:39 - Arun shares his personal background and illustrious career history 09:04 - Comparing the OpenSSF and the Cloud Native Computing Foundation (CNCF) 13:30 - Arun details his work with the United Nations 16:42 - Areas that a lot of security professionals are getting wrong 18:20 - Arun answers Omkhar’s rapid-fire questions 19:08 - Advice Arun would give to aspiring security professionals 20:40 - Arun’s call to action for listeners Episode links OSPOs for Good 2024 What’s Next for Open Source event Arun Gupta’s LinkedIn profile CNCF homepage United Nations Sustainable Development Goals Get involved with OpenSSF…
W
What's in the SOSS? An OpenSSF Podcast
1 Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX 18:11
18:11 Play Later Play Later Lists Like Liked18:11
Play Later Play Later Lists Like LikedThe world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process. Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of several SBOM OSS tools. He’s passionate about writing software with friends, helping new contributors and amplifying the Latinx presence in the cloud-native community. 01:04 - Puerco shares his background 02:21 - What SBOMs are and why they’re so important 06:42 - An overview of standards in the SBOM space 09:58 - Puerco details his work on VEX projects 14:05 - Puerco enters the rapid-fire portion of the interview 15:06 - Advice Puerco would offer aspiring open source or security professionals 16:12 - Puerco’s call to action for listeners Links Adolfo García Veytia’s LinkedIn page…
W
What's in the SOSS? An OpenSSF Podcast
1 A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS? 20:03
20:03 Play Later Play Later Lists Like Liked20:03
Play Later Play Later Lists Like LikedChristopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the financial, medical, legal, and manufacturing verticals. He also spent six years helping lead the Red Hat Product Security team as their Program Architect. 00:57 - CRob’s day-to-day activities and his affiliation with the OpenSSF 03:15 - The insight CRob will bring to the podcast as co-host 05:46 - What developers writing “post-bang” code should be considering 08:40 - Lessons open source could learn from corporate and vice versa 12:17 - CRob explores the evolution of open source 14:22 - Crob answers Omkhar’s rapid fire questions 15:57 - CRob’s advice to people entering the cybersecurity field 18:18 - CRob’s call to action for listeners: give back Episode links: CRob’s LinkedIn page More content with CRob…
W
What's in the SOSS? An OpenSSF Podcast
1 OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security 14:58
14:58 Play Later Play Later Lists Like Liked14:58
Play Later Play Later Lists Like LikedMatt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain. 00:40 - Matt’s duties at OpenAI 01:52 - Matt’s accidental journey into cybersecurity 05:18 - The intersection of AI and open source 06:45 - Matt’s thoughts on how AI can help security professionals 08:53 - Details on the AI Cyber Challenge (AIxCC) 10:53 - Matt answers Omkhar’s rapid-fire questions 12:29 - Advice Matt would give to aspiring security professionals 13:00 - Matt’s call-to-cation for listeners Episode links: Matt Knight’s Linkedin page GNU Radio AIxCC Challenge OpenAI Cybersecurity Grant Program…
W
What's in the SOSS? An OpenSSF Podcast
1 Eric Brewer and the Future of Open Source Security 16:09
16:09 Play Later Play Later Lists Like Liked16:09
Play Later Play Later Lists Like LikedIn this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about distributed network applications in the late 1990s. 01:15 - Eric discusses his background 03:14 - Improving security in a corporate vs. open source environment 05:58 - Advancements Eric has noticed in open source in recent years 07:17 - How to make software repositories more secure 08:58 - The next big hurdle in open source security 11:12 - Rapid-fire questions: Mild or spicy food? Vim or Emacs? Spaces or tabs? 12:42 - Eric’s advice for aspiring security professionals 14:45 - The importance of being active in security communities Episode links: Eric Brewer’s LinkedIn profile OS3I report…
W
What's in the SOSS? An OpenSSF Podcast
1 Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security 17:29
17:29 Play Later Play Later Lists Like Liked17:29
Play Later Play Later Lists Like LikedIn this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books. 00:36 - Mark on his role at Azure 01:30 - Where AI is headed and its impact on enterprises 04:06 - The task of teaching a machine learning model to unlearn Harry Potter 06:32 - The good and bad of AI hallucinations 10:35 - The promise of more secure open source software via AI 13:05 - Mark answers Omkhar’s “rapid-fire” questions: mild or spicy food, Vim, Emacs or VS Code and tabs or spaces 15:01 - Why aspiring software engineers should still learn to code Episode links: Mark Russinovich’s LinkedIn page Press Release: OpenSSF to Support Darpa on New AI Cyber Challenge (AIxCC)…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to What's in the SOSS? An OpenSSF Podcast
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
We help founders make something people want.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
A podcast about web design and development.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
