Open Source Security podcast

Player FM - Internet Radio Done Right

396 subscribers

Ditambah eight tahun yang lalu

Kandungan disediakan oleh Open Source Security and Josh Bressers. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Open Source Security and Josh Bressers atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.

This Is Woman's Work with Nicole Kalil

1
Unlocking Your Hidden Genius: How to Harness Your Innate Talents with Betsy Wills & Alex Ellison | Ep. 289 32:08

5 weeks ago32:08

Main Kemudian

Senarai

Suka

Disukai

32:08

Did you know there’s an actual science to uncovering your hidden genius? It’s not about filling out a “dream job” worksheet—it’s about understanding how your brain is wired, identifying your natural aptitudes, and using them to thrive. This isn’t just a self-discovery exercise. It’s a game-changer for your career, your relationships, and how you show up in the world. Betsy Wills and Alex Ellison are redefining how we approach career discovery, proving that finding the right path isn’t just about landing a job—it’s about creating a life that aligns with who you actually are. ✅ Betsy Wills – Cofounder of YouScience, a groundbreaking psychometric assessment platform reshaping how we understand our talents. She’s also the Director of Marketing & Branding at Diversified Trust and a frequent lecturer at Vanderbilt University and NYU’s Stern School of Business. ✅ Alex Ellison – Founder of Throughline Guidance, a global college and career counseling practice. She’s a sought-after writer, speaker, and expert in college readiness and career development. ✅ Together, they co-authored Your Hidden Genius: The Science-Backed Strategy to Uncovering and Harnessing Your Innate Talents. Discovering your hidden genius isn’t just about career success—it’s about tapping into what makes you, you . Connect with Betsy & Alex: Website (Free Downloads): www.yourhiddengenius.com Book: https://www.harpercollins.com/products/your-hidden-genius-elizabeth-m-willsalexandra-ellison Related Podcast Episodes: How To Be You, But Better with Olga Khazan | 288 Finding Purpose Through Human Design with Emma Dunwoody | 228 195 / Finding (And Using) Your Voice with Amy Green Smith Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music…

Open Source Security

Kongsi

Laman utama siri•Feed

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.

477 episod

#Open Source #Software Development #Security #Josh Bressers #Tech #Cybersecurity #Open #Opensource #Source #Open Source Security

Open Source Security

396 subscribers

updated about 12 hours ago

Kongsi

Laman utama siri•Feed

477 episod

#Open Source #Software Development #Security #Josh Bressers #Tech #Cybersecurity #Open #Opensource #Source #Open Source Security

Semua episod

Open Source Security

1
CVE for EOL with Aaron Frost 30:00

12 hours ago30:00

30:00

Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the "vulnerable until proven otherwise" approach is the best path forward for end of life software. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-cve_eol_aaron_frost/…

Open Source Security

1
cargo-semver-checks with Predrag Gruevski 33:35

7 days ago33:35

33:35

Cargo Semver Checks is a Rust tool by Predrag Gruevski that is tackling the problem of broken dependencies that cost developers time when trying to upgrade dependencies. Predrag's work shows how automated checks can catch breaking changes before they're released, potentially saving projects from unexpected failures and making dependency updates less painful across the entire Rust ecosystem. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-cargo-semver-checks-predrag-gruevski/…

Open Source Security

1
Distributed CI and Git with Lars Wirzenius 27:27

14 days ago27:27

27:27

Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/CD systems like long wait times, security vulnerabilities, and centralized infrastructure limitations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-ambient-radicle-lars-wirzenius/…

Open Source Security

1
FIDO authentication with William Brown 29:26

21 days ago29:26

29:26

William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated against. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the barriers preventing open source developers from improving industry standards despite their expertise. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/…

Open Source Security

1
CRA with Luis Villa 25:46

28 days ago25:46

25:46

In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining why the CRA represents both a challenge and an opportunity for the open source ecosystem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-CRA_luis_villa/…

Open Source Security

1
Open Source Malware with Brian Fox 30:18

5 weeks ago30:18

30:18

Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others and how behavioral detection methods can identify suspicious packages, and the challenge in solving this problem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-oss_malware_brian_fox/…

Open Source Security

1
Open Source Foundations with Kelley Misata of Suricata 31:45

6 weeks ago31:45

31:45

In this episode Open Source Security talks to Dr. Kelly Masada about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. There are a lot of lessons in this one for both open source projects and existing open source foundations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-oss_foundations_kelley_misata/…

Open Source Security

1
Forking Open Source Projects with Sheogorath 22:14

7 weeks ago22:14

22:14

In this episode Open Source Security chats with Sheogorath about HedgeDoc project's journey from HackMD to CodiMD and finally to HedgeDoc. We learn what forking a project looks like, including license changes (MIT to AGPL), security vulnerability management across different codebases, naming challenges, and infrastructure migrations. The conversation goes through to journey from HackMD to CodiMD and all the lessons learned along the way. And there are many lessons. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-fork_open_source_sheogorath/…

Open Source Security

1
Patching EOL Open Source with Aaron Frost 22:53

8 weeks ago22:53

22:53

In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and how backporting security fixes can help maintaining compliance. In the discussion we cover the "just upgrade" mentality, how backporting works, why it's hard, and why it matters. We also cover some oddities the world of CVE brings to the discussion. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-patching_EOL_OSS_aaron_frost/…

Open Source Security

1
Why do we keep ignoring CI security with François Proulx 23:38

9 weeks ago23:38

23:38

François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obsess over everything on either side of the CI system. François has a bunch of really good practical suggestions for how we can start to improve our CI security today. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-ignoring_ci_security_francois_proulx/…

Open Source Security

1
Modern day authentication with Marc Boorshtein 26:17

10 weeks ago26:17

26:17

In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about some of the history of authentication that got us here, and some technical details on how you should be implementing authentication into your application. We finish up with some passkey details and realize every authentication discussion really just turns into complaining how hard identity is. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-modern_day_authentication_with_marc_boorshtein/…

Open Source Security

1
Government Security Requirements with Dick Brooks 19:44

11 weeks ago19:44

19:44

Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements, we discuss frameworks like CISA's Software Acquisition Guide, Secure Software Development Framework, and the EU's Cyber Resilience Act. These regulations impact open source projects differently from commercial vendors, Dick helps explain what that means for the vendors as well as open source developers. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-government_security_requirements_with_dick_brooks CISA Software Acquisition Guide CISA SAG Reader Project NASA SSDF collaboration…

Open Source Security

1
Open Source Maintenance with Gary Kramlich 27:18

12 weeks ago27:18

27:18

In this episode, Gary Kramlich, the lead developer of Pidgin discusses the challenges and strategies of maintaining a 26-year-old open source messaging client.Gary tell us all about how a small team manages technical debt, handles library dependencies, and makes decisions about rewrites versus incremental improvements while supporting a broader open source ecosystem. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-open_source_maintenance_with_gary_kramlich/…

Open Source Security

1
Safety vs Security with Thomas Depierre 21:23

13 weeks ago21:23

21:23

In this episode of Open Source Security, Josh welcomes Thomas Depierre, a Site Reliability Engineer and open source maintainer, to discuss the intersection of safety and security. Thomas explains why safety is broader than security. While security often views people as the problem, Thomas explains that people are paradoxically the solution. Nothing should work, but it does, mostly due to people keeping things working. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-safety_vs_security_with_thomas_depierre/…

Open Source Security

1
The Future of Open Source Security 4:28

15 weeks ago4:28

4:28

It’s a new year and time for some changes to the opensourcesecurity.io website. It's time to retire the podcast, but that's to make way for something new and hopefully better. You can read the details in the blog post (the audio version is basically the same thing) https://opensourcesecurity.io/posts/2025-01-the_future_of_open_source_security/…

Selamat datang ke Player FM

Player FM mengimbas laman-laman web bagi podcast berkualiti tinggi untuk anda nikmati sekarang. Ia merupakan aplikasi podcast terbaik dan berfungsi untuk Android, iPhone, dan web. Daftar untuk melaraskan langganan merentasi peranti.