What's in the SOSS? An OpenSSF Podcast

EXPLORE

Society & Culture

Health & Fitness

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/ca/a0/ea/caa0eae7-eacd-8b85-2298-d952227aeb23/mza_17274116270953076211.jpg/600x600bb.jpg

What's in the SOSS? An OpenSSF Podcast

OpenSSF

48 episodes

1 week ago

On this episode of "What's in the SoSS," Yesenia Yser sits down with Justin Cappos, NYU professor and self-described "OG software supply chain guy" who's been working in this space since 2002. Justin reveals why most universities fail to teach fundamental security practices—from MFA to code signing—and how his groundbreaking software supply chain security course is creating some of the top 500 most qualified professionals in the world. We discuss the challenges of keeping curriculum current i...

Show more...

All content for What's in the SOSS? An OpenSSF Podcast is the property of OpenSSF and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

On this episode of "What's in the SoSS," Yesenia Yser sits down with Justin Cappos, NYU professor and self-described "OG software supply chain guy" who's been working in this space since 2002. Justin reveals why most universities fail to teach fundamental security practices—from MFA to code signing—and how his groundbreaking software supply chain security course is creating some of the top 500 most qualified professionals in the world. We discuss the challenges of keeping curriculum current i...

Show more...

Episodes (20/48)

What's in the SOSS? An OpenSSF Podcast

Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos

On this episode of "What's in the SoSS," Yesenia Yser sits down with Justin Cappos, NYU professor and self-described "OG software supply chain guy" who's been working in this space since 2002. Justin reveals why most universities fail to teach fundamental security practices—from MFA to code signing—and how his groundbreaking software supply chain security course is creating some of the top 500 most qualified professionals in the world. We discuss the challenges of keeping curriculum current i...

2 weeks ago

22 minutes

What's in the SOSS? An OpenSSF Podcast

Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft)

Jay White, a leader in the open source ecosystem at Microsoft, discusses his journey into open source, focusing on AI and machine learning. He highlights his role in the Azure office of the CTO, working on open source, security, and AI standards. White emphasizes the importance of model signing and transparency in AI development, mentioning ongoing work in the OpenSSF and Coalition for Secure AI (CoSAI). He encourages community involvement, noting the need for standardization in AI supply cha...

1 month ago

25 minutes

What's in the SOSS? An OpenSSF Podcast

SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)

Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses the issues of third-party security patch versioning, the rise of software sovereignty, and how custom patches break SBOMs. Domas also explains why geographic code restrictions contradict open source principles and what the EU's Cyber Resilience Act (CRA) means for enterprises. She highlights Canonical's work integrating memory-safe components like sudo-r...

1 month ago

26 minutes

What's in the SOSS? An OpenSSF Podcast

A Deep Dive into the Open Source Project Security (OSPS) Baseline

In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its integration with other OpenSSF projects, real-world applications like the GUAC case study, and its value to maintainers and stakeholders. The role of ...

1 month ago

32 minutes

What's in the SOSS? An OpenSSF Podcast

Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader

In this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundation, as he shares his unique perspective on open source security. From his Minneapolis base, Seth discusses his journey from urllib3 maintainer to leading security initiatives across the Python ecosystem. In this episode, we explore how public documentation shapes security work, the importance of supporting maintainers both technically and emotiona...

2 months ago

21 minutes

What's in the SOSS? An OpenSSF Podcast

New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler

In this episode of “What’s In The SOSS,” Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Foundation. They discuss the importance of secure software development, particularly in the context of AI and machine learning. David shares insights from his extensive experience in the field, emphasizing the need for both education and tools to ensure security. The conversation also touches on common misconceptions about AI, the relevance of digital ba...

2 months ago

38 minutes

What's in the SOSS? An OpenSSF Podcast

The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io

In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are revolutionizing the way we approach security challenges, from the shift away from traditional "scan and triage" methodologies to an emerging "fix first" approach powered by agentic systems. John shares insights on the democratization of coding through AI tools, the unique securit...

2 months ago

22 minutes

What's in the SOSS? An OpenSSF Podcast

From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project

In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads critical initiatives in safety-critical open source software, including the Zephyr RTOS project and ELISA, while being instrumental in the evolutio...

3 months ago

34 minutes

What's in the SOSS? An OpenSSF Podcast

Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts

The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve systems. In this episode of "What's in the SOSS," join host Yesenia Yser as she sits down with David Hook (VP Software Engineering) and Tomas Gustavsson (Chief PKI Officer) from Keyfactor to break down post-quantum cryptography, from ELI5 explanation...

3 months ago

30 minutes

What's in the SOSS? An OpenSSF Podcast

Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives

In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the groundbreaking MLOps white paper developed in partnership with Ericsson, and the crucial work of identifying and addressing new personas in AI/ML ope...

4 months ago

14 minutes

What's in the SOSS? An OpenSSF Podcast

Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers. Episode Chapters: 00:00 Introduction00:22 Podcast Welcome01:04 OSTIF Founder...

4 months ago

25 minutes

What's in the SOSS? An OpenSSF Podcast

From Compliance to Community: Meeting CRA Requirements Together

In this episode of 'What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the critical importance of security in open source, particularly in light of regulations like the CRA. Hear how the Erlang community is proactively addressing security concerns by bringing in experts, fostering collaboration, and building trust. Discover wh...

5 months ago

31 minutes

What's in the SOSS? An OpenSSF Podcast

Building India's Open Source Security Community: From Developer Nation to Security Champions

Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars d...

5 months ago

18 minutes

What's in the SOSS? An OpenSSF Podcast

From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community

In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behind security, and her role as president of BSides Orlando. From discovering Netscape in the early days to shaping security strategy at G-Research and OpenSSF, Tabatha shares how her career evolved from necessity to purpose. She talks about the power of ...

6 months ago

29 minutes

What's in the SOSS? An OpenSSF Podcast

Bridging DevOps and Security: Tracy Reagan on the Future of Open Source

In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security. We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our softwa...

6 months ago

20 minutes

What's in the SOSS? An OpenSSF Podcast

Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes

In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaborati...

7 months ago

19 minutes

What's in the SOSS? An OpenSSF Podcast

Cybersecurity Framework Launch

In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry. Chapters: 00:00 Introduction to Open Source and LF Education02:59 Cl...

7 months ago

20 minutes

What's in the SOSS? An OpenSSF Podcast

Scaling Security: Inside the GitHub Securing Open Source Software Fund

In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10K stipend to scale security best practices. The trio also shares the origins of the fund, surprising takeaways from the first cohort, and what’s ne...

7 months ago

26 minutes

What's in the SOSS? An OpenSSF Podcast

Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter

In this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work with CNCF and Platform Engineering Day, and her passion for inclusion and authenticity. Whether you're curious about how to get started in open so...

8 months ago

21 minutes

What's in the SOSS? An OpenSSF Podcast

Secure Software Starts with Awareness: Education & Open Source with the Council of Daves

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape. Whether y...

8 months ago

24 minutes