Open Source Security

Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things are today and where we might see them head. Donating Goose to the AAIF is great news as well as seeing MCP and AGENTS.MD in the foundation. We discuss how to deal with the problem of raising up junior developers, challenges of AI PRs, and some thoughts on how to get started if you're interested in AI development.
The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2026/2026-02-goose-aaif-brad-axen/

Josh chats with Olle E. Johansson about the Global Vulnerability Intelligence Platform (GVIP). It's no secret the current vulnerability systems are reaching a breaking point. Olle is one of the few people with a long term vision instead of trying to just fix the short term problems. His GVIP ideas are very good, but it's a community effort and needs our help. Give it a listen and if it sounds interesting, come help us out!
The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2026/2026-02-GVIP-olle-johansson/

Josh talk to the founder and CEO of Nextcloud, Frank Karlitschek about digital sovereignty. There's a lot of attention lately around digital sovereignty and often that conversation also includes Nextcloud. Frank tells us all about how Nextcloud works, how it can be used to free your data, and has some great insight into what decentralization already looks like and what it could look like soon.
The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2026/2026-02-nextcloud-frank-karlitschek/

Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tell us about preparing for both digital and physical disruptions. Everything is IT now, so the way we think about disaster preparedness is changing. We talk about understanding risks, creating plans, and the role of practice in the world of crisis management. This is a super interesting universe and Dave was very patient and kind. I learned a lot and can't wait for Dave to come back.
The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2026/2026-02-crisis-management-david-bernstein/

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it's not super obvious what that really means. William does a fantastic job explaining what a Passkey is, how we got to where we are today with Passkeys. He shares a ton of explanations about the whole world of authentication along the way. Some of this stuff is basically magic.
The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2026/2026-01-passkey-william-brown/