A group of friends take turns discussing the ins and outs of the gaming world and their personal lives.
…
continue reading
Daniel Nicholson Podcasts
A Conversation podcast about Rugby League, hosted by Bo Nicholson with regular panellists Kieran Gibson, Daniel Friend, Kris Wareing and Myles Stedman (and special comments from Eoin 'The Big E' Gibson).
…
continue reading
Entrepreneurship is cut throat and competitive, and it can be a challenge to get your business to stand out from the competition. Join Ted Teo, a Mergers & Acquisitions Lawyer who has advised Tech Giants (such as Tesla and Spotify) and has raised over US$1 billion for startups, every Monday as he interviews successful entrepreneurs for their best actionable entrepreneurship advice. If you are an entrepreneur who wants the best advice and insights on building a successful business, then this ...
…
continue reading
Independent Film News and Interviews
…
continue reading
Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is ...
…
continue reading
1
OpenSSL with Hana Andersen and Anton Arapov
28:48
28:48
Play later
Play later
Lists
Like
Liked
28:48
I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of post-quantum cryptography, and the evolution of OpenSSL from a small team to a global community. Whether you're a seasoned cryptographer or just curious …
…
continue reading
After a brief hiatus the boys are back to talk about all the past gaming news we missed.By Super Ultra Podcast Arcade
…
continue reading
1
The Python Software Foundation with Deb Nicholson
37:48
37:48
Play later
Play later
Lists
Like
Liked
37:48
In this episode I discuss the Python Software Foundation with Deb Nicholson. We discuss their contributions to the Python programming community. Learn how this dedicated organization supports the growth and innovation of Python, fostering an ecosystem for developers worldwide. Everything funding open-source projects to organizing community events, …
…
continue reading
1
Using Mercator to map assets with Didier Barzin
25:48
25:48
Play later
Play later
Lists
Like
Liked
25:48
In this episode, we the information system mapping tool Mercator with Didier Barzin, a CISO at a hospital in Luxembourg. Discover how Mercator revolutionizes the way organizations map their complex information systems. From hospitals to universities and even the banking sector. Mercator helps manage and protect vast networks by creating dynamic, co…
…
continue reading
In this episode, I discuss into the security features of Talos Linux with Andrey Smirnov. Andrey explains how Talos focuses on its immutability and minimal attack surface. Discover how these enhancements fortify your systems against vulnerabilities, ensuring a secure and resilient infrastructure. Join us as we explore the security advancements that…
…
continue reading
1
Discussing the Open Source, Open Threats? paper with Behzad and Ali
34:59
34:59
Play later
Play later
Lists
Like
Liked
34:59
In this episode I chat with the authors of a recent paper on open source security: Open Source, Open Threats? Investigating Security Challenges in Open-Source Software. I chat with Ali Akhavani and Behzad Ousat about their findings. There are interesting data points in the paper such as a 98% increase in reported vulnerabilities compared to a 25% g…
…
continue reading
1
crates.io trusted publishing with Tobias Bieniek
25:39
25:39
Play later
Play later
Lists
Like
Liked
25:39
In this episode we discuss crates.io trusted publishing with Tobias Bieniek. We cover the steps crates.io is taking to enhance supply chain security through trusted publishing, a method that leverages short-lived tokens and GitHub actions to safeguard against unauthorized access. Tobias shares insights into the challenges of managing a large-scale …
…
continue reading
In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on t…
…
continue reading
On this week pod( I know I'm late again. Shit happens), we're talking Pokemon direct, Battlefield 6 trailer, Microsoft walking back 80 buck games , and more.By Super Ultra Podcast Arcade
…
continue reading
1
GCVE with Cédric Bonhomme and Alexandre Dulaunoy
31:38
31:38
Play later
Play later
Lists
Like
Liked
31:38
In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a sin…
…
continue reading
1
EU Regulations will change everything with Daniel Thompson
31:57
31:57
Play later
Play later
Lists
Like
Liked
31:57
In this episode, we dive into the Product Liability Directive and Cyber Resilience Act with Daniel Thompson, CEO of Crab Nebula. The EU's new legislative framework impacts manufacturers in ways we don't totally understand, but are going to bring substantial changes to how companies use and develop open source. Daniel explains the broader implicatio…
…
continue reading
On this week's pod we're talking new Ubisoft subsidiary CEOs, THPS 3+4, Donkey Kong Bananza, and more.By Super Ultra Podcast Arcade
…
continue reading
1
Open source microprocessors with Jan Pleskac
30:51
30:51
Play later
Play later
Lists
Like
Liked
30:51
In this episode Jan Pleskac, CEO and co-founder of Tropic Square, shares insights on the challenges and innovations in creating open and auditable hardware. While most hardware is very closed, Tropic Square is working to change this. WE discuss how open source can enhance security, the complexities of integrating third-party technologies, and the f…
…
continue reading
On this week's pod we're talking Subnautica 2 issues, Ghost of Yotei extended gameplay showcase, Tony Hawk and more. Happy 10th Anniversary to Rocket LeagueBy Super Ultra Podcast Arcade
…
continue reading
On this week pod we're talking Microsoft layoffs, EA is teasing an NCAA basketball, Ironheart, and more.By Super Ultra Podcast Arcade
…
continue reading
On this week pod we're talking Capcom Spotlight, Resident Evil9, Pragmata, Little Nightmares 3, Meta Quest 3S Xbox Edition, and more.By Super Ultra Podcast Arcade
…
continue reading
On this week pod we're talking Marathon the game cancelling it's release date, Donkey Kong Bananza, and more. Happy 10th anniversary to Batman Arkham Knight and 20th to Battlefield 2.By Super Ultra Podcast Arcade
…
continue reading
I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs provide a universal, common-sense standard that is becoming essential for the future of SBOMs and securing the software supply chain. The show notes a…
…
continue reading
We're talking Xbox Showcase and more.By Super Ultra Podcast Arcade
…
continue reading
51
Hobbyist Maintainers with Thomas DePierre
49:03
49:03
Play later
Play later
Lists
Like
Liked
49:03
Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate world that consumes open source and the hobbyist community that actually produces it. The conversation reveals this isn't a new problem, but a long-stan…
…
continue reading
We're talking Summer Game Fest and PlayStation State of Play.By Super Ultra Podcast Arcade
…
continue reading
I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The s…
…
continue reading
We're talking Bungie stealing designs, Giant Bomb going independent, Randy being Randy, Black Panther game being cancelled and more. Happy 10th Anniversary to Witcher 3: The Wild Hunt and SplatoonBy Super Ultra Podcast Arcade
…
continue reading
I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is able to incredible insights into the world of open source. We chat all about how Ecosyste.ms works and how he manages to wrangle all this data. The s…
…
continue reading
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl projec…
…
continue reading
We're talking GTA 6, Giant Bomb surviving, Polygon layoffs, and more. Happy 20th Anniversary Forza Motorsport.By Super Ultra Podcast Arcade
…
continue reading
101
Repository signing with Kairo De Araujo
33:29
33:29
Play later
Play later
Lists
Like
Liked
33:29
I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges around securing repositories. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-rstuf-with-kairo-de-a…
…
continue reading
On this weeks Podcast we discuss Games and other stuff.By Super Ultra Podcast Arcade
…
continue reading
1
Securing GitHub Actions with William Woodruff
31:50
31:50
Play later
Play later
Lists
Like
Liked
31:50
William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guid…
…
continue reading
Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the often-murky waters of embedded systems and the Internet of Things (IoT), sparked by a specific vulnerability discussion on Paul's show concerning refer…
…
continue reading
1
tj-actions with Endor Lab's Dimitri Stiliadis
32:39
32:39
Play later
Play later
Lists
Like
Liked
32:39
Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with produc…
…
continue reading
We discuss game announcements at Star Wars Celebration, Switch 2 news,Mario Kart World Direct PS5 price increase in select markets, and more. Happy 10th Anniversary Mortal Kombat X, Happy 20th Anniversary PsychonautsBy Super Ultra Podcast Arcade
…
continue reading
I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and storing SBOMs is crucial for understanding your software supply chain and quickly responding to new threats like Log4Shell. The show notes and blog post…
…
continue reading
We discuss the more Switch 2, Bungie's Marathon trailer, PS5 price hike in other regions, Blue Prince, South of Midnight and more. Happy 20th Anniversary to Jade Empire, Lego Star Wars: The Video Game Happy 50th Anniversary to MicrosoftBy Super Ultra Podcast Arcade
…
continue reading
Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the "vulnerable unti…
…
continue reading
We discuss the Switch 2 in detail and what this means for the future of gaming.By Super Ultra Podcast Arcade
…
continue reading
1
cargo-semver-checks with Predrag Gruevski
33:35
33:35
Play later
Play later
Lists
Like
Liked
33:35
Cargo Semver Checks is a Rust tool by Predrag Gruevski that is tackling the problem of broken dependencies that cost developers time when trying to upgrade dependencies. Predrag's work shows how automated checks can catch breaking changes before they're released, potentially saving projects from unexpected failures and making dependency updates les…
…
continue reading
On this week podcast we discuss the Nintendo direct (before Nintendo Switch 2 direct), Game Informer cominig back, and more. Happy Anniversaries to Bloodborne, PSP console, and God of war.By Super Ultra Podcast Arcade
…
continue reading
We're back after a month hiatus (or more depending when I finally finish editing the podcast) with tons to talk about. Happy Belated Anniversary 10th Anniversary to Cities Skylines, Ori and the Blind Forest, and Helldivers. Happy Belated 20th Anniversary to Gran Turismo 4, Star Wars Republic Commando, Devil May Cry 3: Dante's Awakening, Phantom Dus…
…
continue reading
1
Distributed CI and Git with Lars Wirzenius
27:27
27:27
Play later
Play later
Lists
Like
Liked
27:27
Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/C…
…
continue reading
William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated against. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the …
…
continue reading
In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining…
…
continue reading
Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others and how behavioral detection methods can identify…
…
continue reading
1
Open Source Foundations with Kelley Misata of Suricata
31:45
31:45
Play later
Play later
Lists
Like
Liked
31:45
In this episode Open Source Security talks to Dr. Kelly Masada about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. There are a lot of lessons in this one for both open source projects and existing open source foundations. The blog post for this episode can be found at h…
…
continue reading
1
Forking Open Source Projects with Sheogorath
22:14
22:14
Play later
Play later
Lists
Like
Liked
22:14
In this episode Open Source Security chats with Sheogorath about HedgeDoc project's journey from HackMD to CodiMD and finally to HedgeDoc. We learn what forking a project looks like, including license changes (MIT to AGPL), security vulnerability management across different codebases, naming challenges, and infrastructure migrations. The conversati…
…
continue reading
This week we discuss Sony State of Play and much more.By Super Ultra Podcast Arcade
…
continue reading
1
Patching EOL Open Source with Aaron Frost
22:53
22:53
Play later
Play later
Lists
Like
Liked
22:53
In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and how backporting security fixes can help maintaining compliance. In the discussion we cover the "just upgrade" mentality, how backporting works, why it…
…
continue reading
1
Why do we keep ignoring CI security with François Proulx
23:38
23:38
Play later
Play later
Lists
Like
Liked
23:38
François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obses…
…
continue reading
1
Modern day authentication with Marc Boorshtein
26:17
26:17
Play later
Play later
Lists
Like
Liked
26:17
In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about some of the history of authentication that got us here, and some technical details on how you should be implementing authentication into your applica…
…
continue reading
On this week's podcast we're discussing the Switch 2 announcement, Xbox Developer's Direct, and much more. Happy 10th Anniversary Life is Strange and Dying Light. Happy 20th Anniversary to Resident Evil 4.By Super Ultra Podcast Arcade
…
continue reading
