The open source software ecosystem has always faced tough challenges related to community, governance, and scalability. More than ever before, much conversation about open source struggles is devoted to the security of the software supply chain, especially when considering the unique challenges of a distributed, often anonymous, community-based development team.
Josh Bressers, VP of Security at Anchore, fellow podcaster and OpenSSF volunteer, joins us to talk about why, despite these challenges, open source isn't broken and how to address the very human aspects of open source security and communities.
Resources:
Avoiding the success trap: Toward policy for open-source software as infrastructure
I am not a supplier
All About SBOMs: The Software Bill of Materials
Open Source: The Nerd Version of Formula One
XKCD: Dependency
Guest: Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Josh is the co-lead of the OpenSSF SBOM Everywhere project and co-hosts the Open Source Security Podcast and the Hacker History Podcast. He is also the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.