Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both develope...
In this discussion with Tremolo Security CTO Marc Boorshtein, we explore what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? We talk about some of the history of authentication that got us here, and some technical details on how you should be implementing authentication into your application. We finish up with some passkey details and realize every authentication discussion really just turns into complaining how hard identity is. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-modern_day_authentication_with_marc_boorshtein/
--------
26:17
Government Security Requirements with Dick Brooks
Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements, we discuss frameworks like CISA's Software Acquisition Guide, Secure Software Development Framework, and the EU's Cyber Resilience Act. These regulations impact open source projects differently from commercial vendors, Dick helps explain what that means for the vendors as well as open source developers. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-government_security_requirements_with_dick_brooks CISA Software Acquisition Guide CISA SAG Reader Project NASA SSDF collaboration
--------
19:44
Open Source Maintenance with Gary Kramlich
In this episode, Gary Kramlich, the lead developer of Pidgin discusses the challenges and strategies of maintaining a 26-year-old open source messaging client.Gary tell us all about how a small team manages technical debt, handles library dependencies, and makes decisions about rewrites versus incremental improvements while supporting a broader open source ecosystem. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-open_source_maintenance_with_gary_kramlich/
--------
27:18
Safety vs Security with Thomas Depierre
In this episode of Open Source Security, Josh welcomes Thomas Depierre, a Site Reliability Engineer and open source maintainer, to discuss the intersection of safety and security. Thomas explains why safety is broader than security. While security often views people as the problem, Thomas explains that people are paradoxically the solution. Nothing should work, but it does, mostly due to people keeping things working. The accompaning blog can be found at https://opensourcesecurity.io/2025/01-safety_vs_security_with_thomas_depierre/
--------
21:23
The Future of Open Source Security
It’s a new year and time for some changes to the opensourcesecurity.io website. It's time to retire the podcast, but that's to make way for something new and hopefully better. You can read the details in the blog post (the audio version is basically the same thing) https://opensourcesecurity.io/posts/2025-01-the_future_of_open_source_security/
Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works.
There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.
México