Open Source Security | Podcast Guru

Overview

Episodes

Details

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hours. Let's focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what's up, they have a lot to teach us. We just have to listen.

Recent Episodes

DEC 8, 2025

Updating open source dependencies with Jamie Tanna

Josh discusses updating open source dependencies with Jamie Tanna. Jamie works on Renovate which gives them a lot of insight into the challenges of keeping your open source updated. We discuss the challenges of semantic versioning, supply chain security, and AI-generated code. If you're new or old to the world of open source dependencies, there's something to learn from this chat.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-12-renovate-jamie

29 MIN

DEC 1, 2025

TARmageddon with Alex Zenla

Josh discusses the TARmageddon vulnerability with Alex Zenla, CTO of Edera. In this episode, we explore the discovery of the TARmageddon vulnerability. It's especially interesting because it's Rust, but also involves multiple end of life crates. Alex shares the story of how Edera managed to figure all this out (it was not simple). Hard problems are still hard, but there's a lot of lessons in this one.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/

42 MIN

NOV 24, 2025

Python Security with Seth Larson

In this episode Seth Larson gives us a cornucopia of topics relating to Python security. Seth discusses the Python Software Foundation's decision to reject a significant grant NSF. Diversity is a big deal to python, so this was a no brainier. We discuss the upcoming PyCon US conference, featuring a new security track that fosters collaboration between developers and security experts. Josh is a huge fan of having a security track at developer conferences. And we close on a paper about zip and tar archives Seth wrote. It seems like we should have zip and tar security figured out by now, but we don't. Thankfully Seth is working on it.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-python-security-seth-larson/

31 MIN

NOV 17, 2025

Linux Vendor Firmware Service with Richard Hughes

Josh talks to Richard Hughes about the world of firmware. We cover how Richard's journey from developing the ColorHug led to the creation of the Linux Vendor Firmware Service (LVFS), changing how firmware updates are managed for nearly every Linux user. Updating firmware has always been dicey, and on Linux it used to be impossible. Richard helps us understand how this all works and how we can all help out.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/

35 MIN

NOV 9, 2025

NPM supply chain attacks with Charlie Eriksen

Josh chats with Charlie Eriksen, a security researcher at Aikido Security. We discuss the recent NPM supply chain attacks that affect hundreds of packages. Charlie shares his experiences dealing with recent security breaches, the challenges of maintaining trust in open source software, and the importance of proactive measures to safeguard open source. The rapid pace of change is impacting our security practices and what steps can be taken to foster resilience in the face of evolving threats.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-npm-charlie/

34 MIN