Recent Episodes
Hacking your CI/CD with François Proulx
Josh welcomes back François Proulx to talk about the absolute madness in the CI/CD universe right now. We also learn about François' new project SmokedMeat which is a tool to help you hack your own…
Open source verification with Sal Kimmich
Josh chats with Sal Kimmich about the current state of everything, and what we can expect next. Sal has some incredible insight into what we can expect to see due to the current wave of security bugs…
Vulnerability disclosure with Casey Ellis
Josh talks to Casey Ellis about why vulnerability disclosure is so hard, and also so important. Casey is one of the best in this space having been a Bugcrowd founder. There are few people with more…
F-Droid the open app store with Hans
Josh talks to Hans-Christoph Steiner about F-Droid, the Free and Open Source Android App Repository. The way F-Droid works looks a lot like a Linux distribution which has some interesting security…
Open source is critical infrastructure with Kat Cosgrove
Josh talks to Kat Cosgrove about how companies should be treating open source more like their critical infrastructure than free stuff. Kat has a ton of knowledge about how the interactions between…
How to actually test a disaster plan with David Bernstein
Josh and David finish up the disaster recovery and emergency planning trilogy. In this one David tells us how to test the plan he told us how to build in the last episode. There are some great ideas…
Open Source Pledge with Vlad-Stefan Harbuz
Josh has a discussion with Vlad-Stefan Harbuz about the Open Source Pledge as well as his recent FOSDEM talk. The Open Source Pledge is all about trying to build a sustainable universe for open…
Building a plan for disaster with David Bernstein
Josh welcomes back David Bernstein to talk about creating a disaster recovery plan. It's a very timely topic given all the current events. There are more supply chain attacks and compromises than ever…
Open Source Malware with Paul McCarty
Josh talks to Paul McCarty of Open Source Malware about ... open source malware. Paul explains why there aren't many good open source malware datasets. We discuss why the existing data is lacking for…
Package management challenges with Andrew Nesbitt
Josh welcomes back Andrew Nesbitt to discuss some recent blog posts he wrote about the challenges of new ecosystems as well as challenges of no ecosystems like C. There aren't very many people who…
Open Source Security at scale with Michael Winser
Josh talks to Michael Winser about a talk he gave at FOSDEM as well as his work on Alpha Omega at the Linux Foundation. Michael is approaching open source security in a way that nobody has ever tried…
2026 State of the Software Supply Chain with Brian Fox
Josh chats with Brian Fox from Sonatype about their 2026 State of the Software Supply Chain report. Most of the numbers continue to grow at alarming rates, but there are some new interesting findings in…
MCP and Agent security with Luke Hinds
Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke's new tool, nono, which is a sandboxing tool that has AI agents in mind as a use case. We…
The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discussing the challenges posed by modern OpenSSL. We discuss the…
Rust coreutils with Sylvestre Ledru
Josh talks to Sylvestre Ledru about the Rust coreutils project. We've been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary…
Goose and the Agentic AI Foundation with Brad Axen
Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where…
The Global Vulnerability Intelligence Platform with Olle E. Johansson
Josh chats with Olle E. Johansson about the Global Vulnerability Intelligence Platform (GVIP). It's no secret the current vulnerability systems are reaching a breaking point. Olle is one of the few…
Digital Sovereignty and Nextcloud with Frank Karlitschek
Josh talks to the founder and CEO of Nextcloud, Frank Karlitschek, about digital sovereignty. There's a lot of attention lately around digital sovereignty and often that conversation also includes…
The Art of Crisis Management with David Bernstein
Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tells us about preparing for both digital and physical…
WTF is a passkey with William Brown
William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it's not super obvious what that really means. William does…
Frequently Asked Questions
Open Source Security has published 532 episodes since September 2016, covering topics in Technology.
Open Source Security is currently highly active with new episodes weekly. Average episode length is 33m.