Stig Daniels and Bill Shirley discuss Houston culture, arts, music, sports, and whatever else comes to mind in this weekly podcast. Special guests are featured regularly.
Stig Daniels Podcasts
Policy ideas and perspectives from Rice University’s Baker Institute for Public Policy – one of the nation’s leading think tanks.
Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is ...
Presented by The Investors Podcast Network with over 10 million downloads — home to the popular We Study Billionaires podcast, The Intrinsic Value Podcast is a new show focused on breaking down businesses, estimating their intrinsic value per share, and deciding whether they should be added to an ongoing portfolio of stocks built out each week. From assessing the monopoly power of Google to determining the fair value of publicly-traded sports franchises, no topic is off limits in the pursui ...

TIVP028: Estée Lauder (EL): Michael Burry’s Big Bet w/ Daniel Mahncke & Shawn O’Malley
1:09:44
Daniel Mahncke and Shawn O’Malley take a closer look at Estée Lauder’s turbulent turnaround, tracing the beauty giant’s fall from pandemic favorite to contrarian play. After years of strong growth, the company was hit by an inventory pileup, the collapse of China’s daigou shopping channel, and a broader slowdown in its most important market. In thi…

TIVP027: LVMH (MC): Investing in True Luxury w/ Shawn O’Malley & Daniel Mahncke
1:23:47
Shawn O’Malley and Daniel Mahncke break down LVMH (ticker: MC), an iconic luxury goods empire with brands ranging from Louis Vuitton to Moët, Dior, Chandon, Hennessy, Tiffany, Bulgari, and TAG Heuer, among others. It’s a powerful conglomerate built by one of the world’s richest men, Bernard Arnault, known as the “wolf in cashmere” for his ruthless c…

TIVP026: The Intrinsic Value Portfolio: Mid-Year Review w/ Daniel Mahncke & Shawn O’Malley
1:40:41
Daniel and Shawn step back for a mid-year review of the Intrinsic Value Portfolio, revisiting each holding to test the strength of their original theses and weigh what’s changed. From ride-hailing to beauty retail, this episode covers the full lineup: why Uber’s cross-sell flywheel and Waymo partnership reinforce its moat; how Alphabet’s latest ear…
I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs provide a universal, common-sense standard that is becoming essential for the future of SBOMs and securing the software supply chain. The show notes a…

TIVP025: Smith & Wesson (SWBI): Deep Value — Locked and Loaded w/ Daniel Mahncke & Shawn O’Malley
1:14:18
Shawn O’Malley and Daniel Mahncke break down Smith & Wesson (ticker: SWBI), an iconic firearms manufacturer with 170+ years of history. Smith & Wesson is no compounder, though. It’s an okay business, at best, but Shawn and Daniel want to determine whether this often-overlooked stock is cheaply priced. In this episode, you’ll learn how Smith & Wesson…

Hobbyist Maintainers with Thomas DePierre
49:03
Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate world that consumes open source and the hobbyist community that actually produces it. The conversation reveals this isn't a new problem, but a long-stan…

TIVP024: TSMC (TSM): The Most Important Business in the World? w/ Daniel Mahncke & Shawn O’Malley
1:31:59
Daniel Mahncke and Shawn O’Malley turn their focus to Taiwan Semiconductor Manufacturing Company (ticker: TSM) — the quiet engine powering nearly every device we touch and the global AI boom. Pioneering the pure-play foundry model, TSMC went from a government-backed experiment in the late 1980s to controlling more than 90% of the world’s leading-e…
I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The s…

TIVP023: Nubank (NU): Banking on Latin America w/ Shawn O’Malley & Daniel Mahncke
1:34:19
Shawn O’Malley and Daniel Mahncke break down Nubank (ticker: NU), a leading fintech company providing credit card, banking, and insurance services to millions across Latin America, with nearly 60% of Brazil’s adult population using one of the company’s products. Nubank’s success is a true David vs. Goliath story, overcoming a powerful banking oligop…
I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is able to incredible insights into the world of open source. We chat all about how Ecosyste.ms works and how he manages to wrangle all this data. The s…

TIVP022: Amazon (AMZN): Is It Prime Time for Investors? w/ Daniel Mahncke & Shawn O’Malley
1:31:14
Daniel Mahncke and Shawn O’Malley break down Amazon (ticker: AMZN), one of the most transformative companies of the modern era — a business that started as an online bookstore and ended up reshaping global commerce, cloud computing, and digital infrastructure. From innovating retail logistics to building the backbone of the internet through AWS, Am…
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl projec…

TIVP021: Shopify (SHOP): The Battle For The Future of E-Commerce w/ Shawn O’Malley & Daniel Mahncke
1:24:38
Shawn O’Malley and Daniel Mahncke break down Shopify (ticker: SHOP), a leading e-commerce platform company enabling e-commerce merchants across the world to seamlessly manage nearly every part of their business in one place. Shopify has been locked in a power struggle with Amazon, as the two present distinct visions for the future of e-commerce: Am…
I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges around securing repositories. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-rstuf-with-kairo-de-a…

TIVP020: Visa (V): Is Visa still the Card to Hold? w/ Daniel Mahncke & Shawn O’Malley
1:23:14
Daniel Mahncke and Shawn O’Malley break down Visa (ticker: V), the global payments powerhouse that acts as the invisible engine behind billions of transactions every day. Visa doesn’t issue cards, lend money, or handle customer accounts — instead, it operates the network that connects banks, merchants, and consumers in over 200 countries. Whether y…

Securing GitHub Actions with William Woodruff
31:50
William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guid…

TIVP019: Adobe (ADBE): Designing a Creative Empire w/ Shawn O’Malley & Daniel Mahncke
1:27:50
Shawn O’Malley and Daniel Mahncke break down Adobe (ticker: ADBE), a leading software company providing end-to-end solutions for creative professionals, from design and creation to marketing and performance measurement. Through apps like Photoshop and After Effects, Adobe offers an industry-leading suite of productivity tools for creatives, includi…
Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the often-murky waters of embedded systems and the Internet of Things (IoT), sparked by a specific vulnerability discussion on Paul's show concerning refer…

TIVP018: Mercedes-Benz (MBG): Can Benz Reinvent the Car? w/ Daniel Mahncke & Shawn O’Malley
1:17:20
Daniel Mahncke and Shawn O’Malley break down Mercedes-Benz (ticker: MBG), one of the world’s most iconic automakers known for luxury, engineering, and performance. From the invention of the automobile to perfecting the engineering craft, Mercedes has shaped the way the world moves — and it wants to continue to do so, now with a stronger focus on EV…

tj-actions with Endor Labs' Dimitri Stiliadis
32:39
Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with produc…

TIVP017: Comfort Systems (FIX): Blue-Collar Compounder w/ Shawn O’Malley & Daniel Mahncke
1:15:36
Shawn O’Malley and Daniel Mahncke break down Comfort Systems (ticker: FIX), a specialty contracting company providing installation and maintenance services for the electrical, HVAC, and plumbing needs of schools, hospitals, apartment buildings, restaurants, data centers, manufacturing facilities, and a range of other customers. Comfort Systems is so…
I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and storing SBOMs is crucial for understanding your software supply chain and quickly responding to new threats like Log4Shell. The show notes and blog post…

TIVP016: Uber (UBER): Cash Burner To Compounder? w/ Shawn O’Malley & Daniel Mahncke
1:24:25
Shawn O’Malley and Daniel Mahncke break down Uber (ticker: UBER), a ubiquitous tech giant that has changed how the world travels. Uber became profitable annually for the first time in 2023, and as its user growth accelerates, the company appears to be achieving modest economies of scale, making it an increasingly attractive business. In this episod…
Aaron Frost explores the overly complex world of vulnerability identifiers for end of life software. We discuss how incomplete CVE reporting creates blind spots for users while arming attackers with knowledge. The conversation uncovers the ethical tensions between resource constraints and security transparency, highlighting why the "vulnerable unti…

TIVP015: Nike (NKE): Just Buy It? w/ Daniel Mahncke and Shawn O'Malley
1:06:57
Daniel Mahncke and Shawn O’Malley break down Nike (ticker: NKE), the global leader in athletic footwear and apparel. With a legacy built on innovation, iconic athlete endorsements, and a brand that resonates across generations, Nike has long been a dominant force in the sportswear industry. But after years of consistent success, the company is now …

cargo-semver-checks with Predrag Gruevski
33:35
Cargo Semver Checks is a Rust tool by Predrag Gruevski that is tackling the problem of broken dependencies that cost developers time when trying to upgrade dependencies. Predrag's work shows how automated checks can catch breaking changes before they're released, potentially saving projects from unexpected failures and making dependency updates les…

TIVP014: Reddit (RDDT): Valuing the Front Page of the Internet w/ Shawn O’Malley & Daniel Mahncke
1:22:34
In today’s episode, Shawn O’Malley and Daniel Mahncke break down Reddit (ticker: RDDT), an emerging social media giant. Reddit became profitable for the first time in 2024, and as its user growth accelerates, the company appears to be achieving economies of scale, making it a very promising business. In this episode, you’ll learn why Reddit is such …

Distributed CI and Git with Lars Wirzenius
27:27
Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/C…

TIVP013: Moncler (MONC): Zipped for Success w/ Daniel Mahncke & Shawn O'Malley
1:35:20
In today’s episode, Daniel Mahncke and Shawn O’Malley break down Moncler (ticker: MONC), an emerging leader in luxury outerwear. Known for its iconic down jackets, high-profile collaborations, and strategic expansion into new markets, Moncler has established itself as a powerhouse in the luxury fashion industry. As the company focuses on strengthen…
William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about everything from WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated against. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the …

TIVP012: Hershey (HSY): A Deliciously Beaten Down Stock? w/ Shawn O'Malley & Daniel Mahncke
1:30:45
In today’s episode, Shawn O’Malley and Daniel Mahncke break down Hershey (ticker: HSY), a company about so much more than chocolate. From Hershey’s Kisses to Reese’s, Skinny Pop, and Dot’s Pretzels, Hershey’s is home to a number of iconic brands and is turning into an increasingly diversified snacking company. In this episode, you’ll learn how Hersh…
In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining…

TIVP011: Nintendo (NTDOY): “Switching” It Up w/ Daniel Mahncke and Shawn O'Malley
1:42:39
In today’s episode, Daniel Mahncke and Shawn O’Malley break down Nintendo (ticker: NTDOY), a global gaming powerhouse. With its legendary franchises, expanding digital services, and a growing presence beyond gaming, Nintendo is evolving into a broader entertainment empire. As the company focuses on building an everlasting ecosystem and shifting tow…
Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others and how behavioral detection methods can identify…

TIVP010: Airbnb (ABNB): A Silicon Valley Gem w/ Shawn O’Malley
1:10:04
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down Airbnb (ticker: ABNB), a dominant and disruptive business in the hospitality industry. Airbnb has changed how the world travels, convincing millions to spend a night in a stranger’s home, similar to how Uber convinced the world to ride in strangers’ vehicles. Shawn explores how Airbnb…

Open Source Foundations with Kelley Misata of Suricata
31:45
In this episode Open Source Security talks to Dr. Kelley Misata about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. There are a lot of lessons in this one for both open source projects and existing open source foundations. The blog post for this episode can be found at h…

TIVP009: Blue Owl Capital (OWL): The Next Blackstone? w/ Shawn O’Malley
1:13:51
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down Blue Owl Capital (ticker: OWL), an emerging giant in the world of alternative asset management that specializes in private credit. Blue Owl has quickly grown its assets under management to over $230 billion and is one of the few SPACs from 2020 to work out, yet Shawn explores whether …

Forking Open Source Projects with Sheogorath
22:14
In this episode Open Source Security chats with Sheogorath about the HedgeDoc project's journey from HackMD to CodiMD and finally to HedgeDoc. We learn what forking a project looks like, including license changes (MIT to AGPL), security vulnerability management across different codebases, naming challenges, and infrastructure migrations. The conversati…

TIVP008: VeriSign (VRSN): The Internet’s Toll Road w/ Shawn O’Malley
1:04:07
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down VeriSign, a company that underpins the functioning of the internet. VeriSign acts like a toll road, collecting fees from anyone using website domains ending in .com or .net, in exchange for managing the global domain registry system and making these domains accessible. VeriSign is a f…

Patching EOL Open Source with Aaron Frost
22:53
In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs, about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and how backporting security fixes can help maintain compliance. In the discussion we cover the "just upgrade" mentality, how backporting works, why it…

TIVP007: AutoZone (AZO): Under The Hood w/ Shawn O’Malley
1:10:57
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down AutoZone, ticker: AZO, a 100-bagger stock that continues to wow investors with its massive share repurchases after already buying back more than 90% of its total shares outstanding in the past two decades. AutoZone is a seemingly mundane auto parts retailer, a common store you’ve prob…

Why do we keep ignoring CI security with François Proulx
23:38
François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obses…

TIVP006: Vital Farms (VITL): Egg-cellent Value? w/ Shawn O'Malley
1:12:05
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down Vital Farms, a company that sells pasture-raised eggs with a cult-like following. Vital Farms missed the memo that eggs are supposed to be a commodity and instead has brought the “premium egg” market mainstream. Shawn goes through how the company has scaled its business sustainably an…

Modern day authentication with Marc Boorshtein
26:17
In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about some of the history of authentication that got us here, and some technical details on how you should be implementing authentication into your applica…

TIVP005: Alphabet (GOOGL): Searching for Quality w/ Shawn O’Malley
1:16:13
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down Alphabet — the parent company of Google, which is one of the most valuable companies in the world and probably an important part of your everyday life. Shawn explores how Google got its start, how Alphabet makes money from seemingly-free services like Gmail, Google Maps, and Google Ea…

Government Security Requirements with Dick Brooks
19:44
Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements. We discuss frameworks like CISA's Software Acquisition Guide, Secure Software Development Framework, and the EU's Cyber Resilience Act. These regulations impact open source projects differently from commercial vendors; Dick helps explain what…

TIVP004: John Deere (DE): Sowing the Seeds of Growth w/ Shawn O’Malley
1:12:53
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down John Deere, a company as American as Levi’s blue jeans and apple pie. John Deere is a fascinating business because it has survived for nearly two hundred years and remained an industry leader for much of that time, continually building their world-famous green-and-yellow tractors. Dee…

Open Source Maintenance with Gary Kramlich
27:18
In this episode, Gary Kramlich, the lead developer of Pidgin, discusses the challenges and strategies of maintaining a 26-year-old open source messaging client. Gary tells us all about how a small team manages technical debt, handles library dependencies, and makes decisions about rewrites versus incremental improvements while supporting a broader ope…

TIVP003: Ulta Beauty (ULTA): A Beautiful Compounder w/ Shawn O’Malley
1:13:02
In today’s episode, Shawn O’Malley (@Shawn_OMalley_) breaks down what you might call a beautiful compounder. That is, Ulta Beauty, one of America’s largest retailers for cosmetics, skincare, and hair care products, with an impressive track record of generating returns on capital while benefiting from industry trends where beauty enthusiasts increas…
In this episode of Open Source Security, Josh welcomes Thomas Depierre, a Site Reliability Engineer and open source maintainer, to discuss the intersection of safety and security. Thomas explains why safety is broader than security. While security often views people as the problem, Thomas explains that people are paradoxically the solution. Nothing…