What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stron ...
…
continue reading
1
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security
27:15
27:15
Spela senare
Spela senare
Listor
Gilla
Gillad
27:15
In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shar…
…
continue reading
1
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security
23:44
23:44
Spela senare
Spela senare
Listor
Gilla
Gillad
23:44
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of…
…
continue reading
1
Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents
16:58
16:58
Spela senare
Spela senare
Listor
Gilla
Gillad
16:58
In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 …
…
continue reading
1
Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer”
16:58
16:58
Spela senare
Spela senare
Listor
Gilla
Gillad
16:58
In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her s…
…
continue reading
1
Intel’s Katherine Druckman and the Impact of Developer Relations
14:23
14:23
Spela senare
Spela senare
Listor
Gilla
Gillad
14:23
In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcast…
…
continue reading
1
Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level
16:24
16:24
Spela senare
Spela senare
Listor
Gilla
Gillad
16:24
In this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumenta…
…
continue reading
1
Bidding Adieu to Omkhar Arasaratnam
20:32
20:32
Spela senare
Spela senare
Listor
Gilla
Gillad
20:32
In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the ta…
…
continue reading
1
CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source
22:47
22:47
Spela senare
Spela senare
Listor
Gilla
Gillad
22:47
Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and develop…
…
continue reading
1
GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…”
22:43
22:43
Spela senare
Spela senare
Listor
Gilla
Gillad
22:43
In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformatio…
…
continue reading
1
CISA's Aeva Black and the Public Sector View of Open Source Security
12:13
12:13
Spela senare
Spela senare
Listor
Gilla
Gillad
12:13
In this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy withi…
…
continue reading
1
Google’s Andrew Pollock and Addressing Open Source Vulnerabilities
12:16
12:16
Spela senare
Spela senare
Listor
Gilla
Gillad
12:16
Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, g…
…
continue reading
1
Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry
18:28
18:28
Spela senare
Spela senare
Listor
Gilla
Gillad
18:28
Bec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development …
…
continue reading
1
Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities
22:24
22:24
Spela senare
Spela senare
Listor
Gilla
Gillad
22:24
Brian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial rol…
…
continue reading
1
Arun Gupta and Giving Back to Security Communities
22:02
22:02
Spela senare
Spela senare
Listor
Gilla
Gillad
22:02
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source prin…
…
continue reading
1
Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX
18:11
18:11
Spela senare
Spela senare
Listor
Gilla
Gillad
18:11
The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation …
…
continue reading
1
A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?
20:03
20:03
Spela senare
Spela senare
Listor
Gilla
Gillad
20:03
Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leader…
…
continue reading
1
OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security
14:58
14:58
Spela senare
Spela senare
Listor
Gilla
Gillad
14:58
Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain…
…
continue reading
1
Eric Brewer and the Future of Open Source Security
16:09
16:09
Spela senare
Spela senare
Listor
Gilla
Gillad
16:09
In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about …
…
continue reading
1
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security
17:29
17:29
Spela senare
Spela senare
Listor
Gilla
Gillad
17:29
In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of…
…
continue reading
1
Christoph Kern and the Challenge of Keeping Google Secure
20:50
20:50
Spela senare
Spela senare
Listor
Gilla
Gillad
20:50
In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security. 00:42 - Christoph offers a rundown of his duties at Google 01:3…
…
continue reading
1
Vincent Danen and the Art of Vulnerability Management
18:36
18:36
Spela senare
Spela senare
Listor
Gilla
Gillad
18:36
Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating…
…
continue reading
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a…
…
continue reading