Open Source Security Podcast

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.

Recent Episodes
  • STIG automation with Aaron Lippold
    Jun 9, 2025 – 33:28
  • Ecosyste.ms with Andrew Nesbitt
    Jun 2, 2025 – 35:38
  • Curl vs AI with Daniel Stenberg
    May 26, 2025 – 34:23
  • Repository signing with Kairo De Araujo
    May 19, 2025 – 33:29
  • Securing GitHub Actions with William Woodruff
    May 12, 2025 – 31:50
  • Embedded Security with Paul Asadoorian
    May 5, 2025 – 34:24
  • tj-actions with Endor Lab's Dimitri Stiliadis
    Apr 28, 2025 – 32:39
  • Syft, Grype, and Grant with Alan Pope
    Apr 21, 2025 – 31:04
  • CVE for EOL with Aaron Frost
    Apr 14, 2025 – 30:00
  • cargo-semver-checks with Predrag Gruevski
    Apr 7, 2025 – 33:35
  • Distributed CI and Git with Lars Wirzenius
    Mar 31, 2025 – 27:27
  • FIDO authentication with William Brown
    Mar 24, 2025 – 29:26
  • CRA with Luis Villa
    Mar 17, 2025 – 25:46
  • Open Source Malware with Brian Fox
    Mar 10, 2025 – 30:18
  • Open Source Foundations with Kelley Misata of Suricata
    Mar 3, 2025 – 31:45
  • Forking Open Source Projects with Sheogorath
    Feb 24, 2025 – 22:14
  • Patching EOL Open Source with Aaron Frost
    Feb 17, 2025 – 22:53
  • Why do we keep ignoring CI security with François Proulx
    Feb 10, 2025 – 23:38
  • Modern day authentication with Marc Boorshtein
    Feb 3, 2025 – 26:17
  • Government Security Requirements with Dick Brooks
    Jan 27, 2025 – 19:44
  • Open Source Maintenance with Gary Kramlich
    Jan 20, 2025 – 27:18
  • Safety vs Security with Thomas Depierre
    Jan 13, 2025 – 21:23
  • The Future of Open Source Security
    Jan 1, 2025 – 04:28
  • Episode 461 - The new NIST password guidance
    Dec 30, 2024 – 36:07
  • Episode 460 - Santa's Supply Chain Security
    Dec 23, 2024 – 43:29
  • Episode 459 - CWE Top 25 List
    Dec 16, 2024 – 36:01
  • Episode 458 - FBI endorses E2E encryption
    Dec 9, 2024 – 33:43
  • Episode 457 - The D-Link D-bacle
    Dec 2, 2024 – 41:00
  • Episode 456 - What if XZ happened to a company? The openness of open source
    Nov 25, 2024 – 33:42
  • Episode 455 - Wordpress plugin security
    Nov 18, 2024 – 35:38
  • Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
    Nov 11, 2024 – 43:13
  • Episode 453 - Software Liability
    Nov 4, 2024 – 36:28
  • Episode 452 - All about Meshtastic
    Oct 28, 2024 – 39:29
  • Episode 451 - Python security with Seth Larson
    Oct 21, 2024 – 36:24
  • Episode 450 - What's Wrong With WordPress
    Oct 14, 2024 – 39:01
  • Episode 449 - The CUPSpocalypse
    Oct 7, 2024 – 38:01
  • Episode 448 - What's wrong with CISA?
    Sep 30, 2024 – 34:48
  • Episode 447 - The Tidelift 2024 open source maintainer report
    Sep 23, 2024 – 38:52
  • Episode 446 - Researchers took over .MOBI TLD
    Sep 16, 2024 – 33:06
  • Episode 445 - EPSS with Jay Jacobs
    Sep 9, 2024 – 41:12
  • Episode 444 - Open Source and End of Life
    Sep 2, 2024 – 37:49
  • Episode 443 - The Supply Chain Security Crisis
    Aug 26, 2024 – 34:23
  • Episode 442 - The foundation of society, TLS certificates are a mess
    Aug 19, 2024 – 40:35
  • Episode 441 - Is CWE useful?
    Aug 12, 2024 – 33:23
  • Episode 440 - "What is open source" talk Josh gave
    Aug 5, 2024 – 34:36
  • Episode 439 - Where are all the youth in open source?
    Jul 29, 2024 – 29:27
  • Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice
    Jul 22, 2024 – 34:52
  • Episode 437 - CocoPods and proper funding for open source
    Jul 15, 2024 – 36:50
  • Episode 436 - OpenSSH and node-ip - it's all exponential growth
    Jul 8, 2024 – 32:10
  • Episode 435 - polyfill.io - open source is too big to fix
    Jul 1, 2024 – 38:50
Recent Reviews
  • letitsnowman
    josh is insufferable
    I really enjoy Kurt’s perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.
  • CornOnTheMacabre
    Great Podcast
    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!
  • cspeckrun
    Most frustrating show I continue listening to
    Like a meeting with no agenda it can be informative and entertaining and you’re never quite sure if you should attend again but usually you do.
  • unbleachedbit
    The banter is spot on
    As of September 2023, the negative reviews may be from non-techs or squishy persons in general. I understand the humor, and in every episode that I have listened to so far, which is only half a dozen, the hosts understand and get what they are talking about. Having over 20 years both professionally and not in the information technology field, I find myself quite amused at their observations, and more often than not not in agreement more than once an episode. If the hosts, however, ever come across this comment, if you guys would enable Apple podcasts, so that I could toss a few dollars your way I would be more than happy to do so.
  • ktkaffee
    Excellent
    I listen every week - it’s great to hear from others in my field.
  • mallworld
    Rude host
    "We're out of time" "Nobody cares" Josh's catchphrases for this podcast. Sticking with it because of Kurt though
  • obacker19
    Entertaining, insightful and actionable! 🔥
    Whether you’re well established as a cyber security innovator, or just getting started carving out your role as a change agent within your organization - this is a must-listen podcast for you! Josh and Kurt do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data security and compliance environment - from leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!
  • Monar G.
    Like a fun conversation!
    This podcast is like a fun conversation
  • Daveyma
    Too much fluff
    Should be retitled
Disclaimer: The podcast and artwork on this page are property of the podcast owner, and not endorsed by UP.audio.