Best Open SSF Podcasts (2025)

1
Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft) 25:32

Play Pause

3d ago25:32

25:32

Jay White, a leader in the open source ecosystem at Microsoft, discusses his journey into open source, focusing on AI and machine learning. He highlights his role in the Azure office of the CTO, working on open source, security, and AI standards. White emphasizes the importance of model signing and transparency in AI development, mentioning ongoing…

1
SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical) 26:44

16d ago26:44

26:44

Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses the issues of third-party security patch versioning, the rise of software sovereignty, and how custom patches break SBOMs. Domas also explains why geographic code restrictions contradict open source principles…

1
A Deep Dive into the Open Source Project Security (OSPS) Baseline 32:57

1M ago32:57

32:57

In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its int…

1
Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader 21:43

2M ago21:43

21:43

In this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundation, as he shares his unique perspective on open source security. From his Minneapolis base, Seth discusses his journey from urllib3 maintainer to leading security initiatives across the Python ecosystem…

1
New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler 38:44

2M ago38:44

38:44

In this episode of “What’s In The SOSS,” Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Foundation. They discuss the importance of secure software development, particularly in the context of AI and machine learning. David shares insights from his extensive experience in the field, emphasizing the…

1
The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io 22:53

2M ago22:53

22:53

In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are revolutionizing the way we approach security challenges, from the shift away from traditional "scan and triage" methodologies to an e…

1
From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project 34:47

2M ago34:47

34:47

In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads …

1
Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts 30:19

3M ago30:19

30:19

The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve systems. In this episode of "What's in the SOSS," join host Yesenia Yser as she sits down with David Hook (VP…

1
Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives 14:59

3M ago14:59

14:59

In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the gr…

1
Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits 25:30

4M ago25:30

25:30

In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert …

1
From Compliance to Community: Meeting CRA Requirements Together 31:44

4M ago31:44

31:44

In this episode of 'What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the critical importance of security in open source, particularly in light of regulations like the CRA. Hear ho…

1
Building India's Open Source Security Community: From Developer Nation to Security Champions 18:46

5M ago18:46

18:46

Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals …

1
From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community 29:49

5M ago29:49

29:49

In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behind security, and her role as president of BSides Orlando. From discovering Netscape in the early days to s…

1
Bridging DevOps and Security: Tracy Reagan on the Future of Open Source 20:04

6M ago20:04

20:04

In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security. We dig into the…

1
Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes 19:49

6M ago19:49

19:49

In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how s…

1
Cybersecurity Framework Launch 20:45

7M ago20:45

20:45

In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Global IT Cyber Skills Framework, emphasizing th…

1
Scaling Security: Inside the GitHub Securing Open Source Software Fund 26:48

7M ago26:48

26:48

In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open source security. Learn how this unique initiative connects maintainers with training, resources, and a $10…

1
Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter 21:13

7M ago21:13

21:13

In this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a powerful advocate and connector in the open source world. We explore her community-first mindset, her work…

1
Secure Software Starts with Awareness: Education & Open Source with the Council of Daves 24:46

8M ago24:46

24:46

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversatio…

1
Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF 11:25

8M ago11:25

11:25

In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source …

1
JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale 17:49

8M ago17:49

17:49

Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the J…

1
Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding 17:18

9M ago17:18

17:18

In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Braz…

1
OpenSSF 2025 MVVSR Overview 26:56

9M ago26:56

26:56

CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group to discuss the key lessons learned from open source security in 2024, th…

1
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain 21:06

11M ago21:06

21:06

CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security. 01:56 - Michael explains how he got into open source 04:10 - The chall…

1
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects 16:47

12M ago16:47

16:47

In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people b…

1
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security 27:15

12M ago27:15

27:15

In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shar…

1
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security 23:44

1y ago23:44

23:44

CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of…

1
Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents 16:58

1y ago16:58

16:58

In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 …

1
Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer” 16:58

1y ago16:58

16:58

In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her s…

1
Intel’s Katherine Druckman and the Impact of Developer Relations 14:23

1y ago14:23

14:23

In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcast…

1
Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level 16:24

1y ago16:24

16:24

In this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumenta…

1
Bidding Adieu to Omkhar Arasaratnam 20:32

1y ago20:32

20:32

In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the ta…

1
CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source 22:47

1y ago22:47

22:47

Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and develop…

1
GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…” 22:43

1+ y ago22:43

22:43

In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformatio…

1
CISA's Aeva Black and the Public Sector View of Open Source Security 12:13

1+ y ago12:13

12:13

In this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open source software projects at large technology companies. She previously led open source security strategy withi…

1
Google’s Andrew Pollock and Addressing Open Source Vulnerabilities 12:16

1+ y ago12:16

12:16

Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and GCP Security. Andrew is passionate about the human factors in security, focusing on scalable solutions, g…

1
Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry 18:28

1+ y ago18:28

18:28

Bec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics and Governance and has worked as a consultant and researcher with governments, parliaments and development …

1
Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities 22:24

1+ y ago22:24

22:24

Brian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in the Apache Maven ecosystem and a longstanding member of the Apache Software Foundation, Brian has played a crucial rol…

1
Arun Gupta and Giving Back to Security Communities 22:02

1+ y ago22:02

22:02

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source prin…

1
Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX 18:11

1+ y ago18:11

18:11

The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation …

1
A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS? 20:03

1+ y ago20:03

20:03

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host of What’s in the SOSS? With 25 years of enterprise-class engineering, architectural, operational and leader…

1
OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security 14:58

1+ y ago14:58

14:58

Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain…

1
Eric Brewer and the Future of Open Source Security 16:09

1+ y ago16:09

16:09

In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interests include operating systems and distributed computing. He is known for formulating the CAP theorem about …

1
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security 17:29

1+ y ago17:29

17:29

In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of…

1
Christoph Kern and the Challenge of Keeping Google Secure 20:50

1+ y ago20:50

20:50

In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security. 00:42 - Christoph offers a rundown of his duties at Google 01:3…

1
Vincent Danen and the Art of Vulnerability Management 18:36

1+ y ago18:36

18:36

Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating…

1
What's in the SOSS? Preview 0:38

1+ y ago0:38

0:38

Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a…