Rephonic

Open Source Security

Josh Bressers
Open Source Software
Open Source
Cybersecurity
Open Source Security
Security
Vulnerabilities
Cyber Resilience Act
Supply Chain Security
Kubernetes
NPM
Github
Vulnerability Management
Wordpress
CISA
Software Development
Open Source Malware
CVE
Security.txt
Github Actions
Vulnerability Disclosure

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hour...

Publishes: Weekly
Episodes: 531
Founded: 10 years ago
Category: Technology


Latest Episodes

Josh talks to Casey Ellis about why vulnerability disclosure is so hard, and also so important. Casey is one of the best in this space having been a Bugcrowd founder. There are few people with more experience and insight into how a security vulnerabi...

Josh talks to Hans-Christoph Steiner about F-Droid, the Free and Open Source Android App Repository. The way F-Droid works looks a lot like a Linux distribution which has some interesting security challenges, but also some great security benefits. Ha...

Josh talks to Kat Cosgrove about how companies should be treating open source more like their critical infrastructure than free stuff. Kat has a ton of knowledge about how the interactions between companies and open source communities can work well...

Josh and David finish up the disaster recovery and emergency planning trilogy. In this one David tells us how to test the plan he told us how to build in the last episode. There are some great ideas in this one about how to test the process not the p...

Similar Podcasts

People also subscribe to these shows.

  • 2.5 Admins (The Late Night Linux Family)
  • Click Here (Recorded Future News)
  • Risky Business (Risky Business Media)
  • Defense in Depth (David Spark, Steve Zalewski, Geoff Belknap)

Recent Guests

  • Casey Ellis

    Founder of Bugcrowd and disclose.io
    Bugcrowd, disclose.io
    Episode: Vulnerability disclosure with Casey Ellis

  • Hans-Christoph Steiner

    FDroid maintainer/developer; advocate for free software on Android
    FDroid / Guardian Project
    Episode: F-Droid the open app store with Hans

  • Kat Cosgrove

    Head of Developer Advocacy at Minimus; Kubernetes Steering Committee member
    Minimus; Kubernetes Steering Committee
    Episode: Open source is critical infrastructure with Kat Cosgrove

  • Vlad Harbuz

    Open Source Pledge and Open Source Sustainability advocate
    Open Source Pledge / Sentry
    Episode: Open Source Pledge with Vlad-Stefan Harbuz

  • Paul McCarty

    Founder and maintainer of Open Source Malware
    Open Source Malware
    Episode: Open Source Malware with Paul McCarty

  • Andrew Nesbitt

    Open Source Developer and Package Manager enthusiast
    Eco (package management ecosystem)
    Episode: Package management challenges with Andrew Nesbitt

  • Michael Wisner

    Co-founder of Alpha Omega
    Alpha Omega
    Episode: Open Source Security at scale with Michael Winser

  • Luke Hinds

    CEO of Always Further; Open Source security expert
    Always Further
    Episode: MCP and Agent security with Luke Hinds

  • Paul Kehrer

    Co-maintainer, Python Cryptographic Authority
    Python Cryptographic Authority
    Episode: The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

Host

Josh
Host of the show, frequently guiding technical and governance conversations in open source security.

Reviews

4.7 out of 5 stars from 438 ratings
  • Open source security and more

    Josh may no longer be with Kurt, he still makes a wicked podcast with a good concentrated dose of open source security.

    Apple Podcasts
    5
    LikeToTaste
    United Kingdom, a year ago
  • josh is insufferable

    I really enjoy Kurt’s perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.

    Apple Podcasts
    1
    letitsnowman
    United States, 2 years ago
  • Great Podcast

    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!

    Apple Podcasts
    5
    CornOnTheMacabre
    United States, 2 years ago
  • Most frustrating show I continue listening to

    Like a meeting with no agenda it can be informative and entertaining and you’re never quite sure if you should attend again but usually you do.

    Apple Podcasts
    4
    cspeckrun
    United States, 3 years ago
  • The banter is spot on

    as of September 2023 be negative reviews may be from non-techs or squishy persons in general. I understand the humor, and every episode that I have listened to so far which is only half a dozen the hosts understand and get what they are talking about. having over 20 years both professionally and not in the information technology field I find myself quite amused at their observations, and more often than not not in agreement more than once an episode. If the hosts, however, ever come across this ... more

    Apple Podcasts
    4
    unbleachedbit
    United States, 3 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Mixed reactions to pacing and tone, but overall highly regarded for expert guests and actionable insights.
Listeners praise the depth and practicality of security-focused discussions.
Some reviewers note strong host banter but value the technical rigor.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

  • Apple Podcasts: #247 in Canada/Technology
  • Apple Podcasts: #44 in Poland/Technology
  • Apple Podcasts: #91 in Finland/Technology
  • Apple Podcasts: #138 in Norway/Technology
  • Apple Podcasts: #152 in Saudi Arabia/Technology
  • Apple Podcasts: #191 in Austria/Technology

Talking Points

Recent interactions between the hosts and their guests.

Vulnerability disclosure with Casey Ellis
Q: What should open source maintainers or companies do to prepare for a future where AI accelerates both vulnerability discovery and exploitation?
Maintain a threat-modeling mindset, triage inputs effectively, and build in-house capabilities to assess and respond to reports. Pair AI-assisted tooling with human oversight to separate signal from noise, and focus on making vulnerability intake, validation, and remediation processes more resilient and transparent for all parties involved.
Vulnerability disclosure with Casey Ellis
Q: Tell us a little bit about yourself for anyone who might not know who you are.
I'm Casey Ellis, founder of Bugcrowd and disclose.io. I started this work after growing up as a hacker and moving into pen-testing and entrepreneurship, with a goal to create a better operating environment for people who hack in good faith and to outsmart the bad guys by mobilizing intelligent security researchers.
Open Source Pledge with Vlad-Stefan Harbuz
Q: What are some governance insights discussed in the episode?
Governance should go beyond code to include shared governance structures to avoid bottlenecks and bus factors, as highlighted by examples like WordPress, to ensure projects remain healthy even if key individuals step back.
Open Source Pledge with Vlad-Stefan Harbuz
Q: What are the benefits of joining the pledge beyond payments?
Joining the pledge signals leadership in Open Source, helps with recruitment for employees who care about Open Source, and provides promotional visibility for the companies involved.
Open Source Malware with Paul McCarty
Q: What are the biggest challenges you see in today's software supply chain security, and how can industry players collaborate to address them?
The biggest challenges are silos among vendors, the sheer volume of new registries and AI-driven tooling, and the difficulty of maintaining visibility in CI/CD pipelines. The solution is better cross-vendor communication, shared data standards, and more open collaboration so defenders aren't flying blind during incidents.

Frequently Asked Questions About Open Source Security

What is Open Source Security about and what kind of topics does it cover?

This show centers on open source security, governance, and practical risk management across software ecosystems. Conversations span maintaining open source projects, disaster recovery planning for tech organizations, secure software supply chains, and the economics of funding security in OSS. Notable patterns include deep dives with technical guests (cryptography, Rust tooling, package registries, vulnerability management) and pragmatic guidance for teams: governance models, funding strategies, and hands-on incident response. A standout angle is treating essential OSS components as infrastructure, with attention to burnout, sustainability, and collaboration between maintainers, vendors, and leadership. The format often blends technical rigo... more

Where can I find podcast stats for Open Source Security?

Rephonic provides a wide range of podcast stats for Open Source Security. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Open Source Security and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Open Source Security get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Open Source Security, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Open Source Security?

Rephonic provides comprehensive predictive audience data for Open Source Security, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Open Source Security have?

To see how many followers or subscribers Open Source Security has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Open Source Security?

These podcasts share a similar audience with Open Source Security:

1. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
2. 2.5 Admins
3. Click Here
4. Risky Business
5. Defense in Depth

How many episodes of Open Source Security are there?

Open Source Security launched 10 years ago and has published 531 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.

How do I contact Open Source Security?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Open Source Security?

Rephonic pulls ratings and reviews for Open Source Security from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Open Source Security?

Rephonic provides full transcripts for episodes of Open Source Security. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on Open Source Security?

Recent guests on Open Source Security include:

1. Casey Ellis
2. Hans-Christoph Steiner
3. Kat Cosgrove
4. Vlad Harbuz
5. Paul McCarty
6. Andrew Nesbitt
7. Michael Wisner
8. Luke Hinds

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
