This week on #OpenSourceSecurity I had a chat with Paul Kehrer and Alex Gaynor about the statement they published discussing the challenges posed by modern OpenSSL for the python cryptography module
I had a chat on #OpenSourceSecurity with @sylvestreledru.bsky.social about his Rust coreutils work
Replacing coreutils with Rust is one of those things that I love as a way to improve security but also keep a project fresh in the modern age
I learned a ton from this discussion
This week on #OpenSourceSecurity I chat with Brad Axen about Goose and the Agentic AI Foundation
I'm often skeptical about AI claims, but I do approve the foundation model and seeing Goose donated to it
How does the open source business model work, why is user empowerment so important, and when is the right time for digital sovereignty?
Find out in the new episode of the @josh.bressers.name podcast as he is joined by our founder @karlitschek.bsky.social
I had a chat with @oej.edvina.net about The Global Vulnerability Intelligence Platform
Olle is working to build a community around the future of vulnerability identifiers
Don't just give it a listen, but also come help Olle. It's a pretty important problem that nobody can solve alone
I had a chat with Frank Karlitschek from @nextcloud.bsky.social about digital sovereignty
There's a lot of attention lately around digital sovereignty and often that conversation also includes Nextcloud
This episode of #OpenSourceSecurity I have a chat with David Bernstein about crisis response
I love this topic because responding to a crisis is pretty common in security work, but doesn't have to be a gong show
This is one of those topics that can go deep. David did a nice job covering basics
In a recent episode of Open Source Security, @josh.bressers.name sits down with Victor Julien, founder and lead developer of the #Suricata project.
Tune in now! opensourcesecurity.io/2026/2026-01...
This episode of #OpenSourceSecurity I discuss @suricata.io with Victor Julien
Victor tells us all about the past, present, and future of #Suricata
I learned a ton
opensourcesecurity.io/2026/2026-01...
This week on #OpenSourceSecurity I have a chat with Gergely Nagy about Iocaine
Iocaine creates a maze of garbage to trap scraping bots. I love this idea, it has amazing chaotic good energy!
I learn all about how Iocaine works, and even got to see some dashboards showing off the size of the problem
This week on #OpenSourceSecurity I have a chat with Xe Iaso about #Anubis, the tool that stops web AI scrapers
The scale of web scraping is way worse than I expected, and blocking things is also a lot harder than I expected
This is one of those conversations where I learned how little I know
This week on #OpenSourceSecurity I chat with Dirkjan Ochtman and Joe Birr-Pixton about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
On a very special Christmas episode of #OpenSourceSecurity I asked Daniel Thompson-Yvetot how the #CRA will impact Santa Claus
I meant the episode to be silly, just in time for Christmas, but I think I learned more from Daniel in those 50 minutes than I have in the last 3 years reading about CRA
This #OpenSourceSecurity episode I chat with Gabriele Columbro from @linuxfoundationeu.bsky.social
We of course chat about the #CRA and how he helped with shaping what we see today
We also cover open source sustainability, vertical foundations, and all the attention open source is receiving
This week on #OpenSourceSecurity I chat with Jamie Tanna about updating open source dependencies. It's usually not as simple as "just update" and Jamie has a ton of real world experience in this working on Renovate
opensourcesecurity.io/2025/2025-12...
This was so much fun to talk about! If you want to find out how we found this bug, the raw story is here first, in my own words :)
This episode of #OpenSourceSecurity I chat with @alex.zenla.io from @edera.dev about the #TARmageddon vulnerability they found
I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one
#OpenSourceSecurity has a chat with @sethmlarson.dev about @python.org security
Seth has a new whitepaper, there's a CFP open (which you should submit a paper to), and some discussion about the PSF grant situation
It's always fun to chat with Seth, I learn a ton every time!
On this episode of #OpenSourceSecurity I chat with Richard Hughes about the Linux Vendor Firmware Service (LVFS)
While it's amazing we can update firmware from Linux now, it was a ton of work to get us here
I had a chat with @charlieeriksen.bsky.social about the recent NPM attacks
We chat about what happened (now that the dust settled), and we discuss what's next.
Charlie is doing some great work in this space, he understands the problem better than most
This week on #OpenSourceSecurity I talk to @ottoke.bsky.social about his blog post about detecting an attack like xz in Debian
It's a fascinating conversation about a very complicated topic
There are things that could be detected, but this one would have been very very difficult
Rock over London, rock on Chicago
I chat with @mikael.barbero.tech about security happenings at the Eclipse Foundation
My favorite project they have is helping projects generate #SBOMs, but there's a lot happening. If you want to see some public examples of how to do security right, give it a listen!
Just wrapped a fantastic conversation with @josh.bressers.name. We dive deep into enhancing open source security and how we do it at the @eclipse.org
Can't wait for you to hear the full episode, coming soon!
On #OpenSourceSecurity I had a chat with @brianfox.bsky.social about the sustainability letter from the open source package registries
This one is a big deal. The costs for open source are paid by someone, if you don't know who, you need to read this letter
opensourcesecurity.io/2025/2025-10...
MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?
9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images
Not fear-mongering, just data-driven real... https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/
#MCP #ContainerSecurity
This week on #OpenSourceSecurity I chat with @foxboron.bsky.social and Levente Polyak about Arch Linux security. It's a great chat where we talk about all the difficulties and oddities of trying to keep a Linux distribution secure
I learned a ton, I'm sure you will too
If you ever want to tell some stories, I have a podcast I run for @cyphercon.bsky.social called Hacker History
hackerhistory.com
This episode of #OpenSourceSecurity I chat with Hana Andersen and Anton Arapov about their upcoming #OpenSSL conference
They also answer a bunch of my questions about the structure of the OpenSSL project, how we got where we are today, and what's coming next
opensourcesecurity.io/2025/2025-09...
Don't miss this podcast episode with the PSF's Executive Director, @eximious.bsky.social, on funding open source, PyCon US, global community support & the importance of sustainability!