Rephonic

Open Source Security

Josh Bressers
Open Source Software
Open Source
Cybersecurity
Open Source Security
Security
Vulnerabilities
Cyber Resilience Act
Supply Chain Security
Kubernetes
NPM
GitHub
Vulnerability Management
WordPress
CISA
Software Development
GitHub Actions
Open Source Malware
CVE
Security.txt
Vulnerability Disclosure

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it; they don't have a developer relations team posting on LinkedIn every two hour... more

Publishes: Weekly
Episodes: 534
Founded: 10 years ago
Category: Technology

Latest Episodes

Josh welcomes Jordi Boggiano the lead maintainer of Composer and Packagist to explain the truckload of security features they've recently added. Packagist is the PHP package registry, Composer is the dependency manager for PHP. Recently the people be... more

Josh welcomes Mike Milinkovich and Thabang Mashologu from the Eclipse Foundation to talk about their new managed Open VSX registry. This is the first open source package registry to create a commercial operation for large company users to help fund t... more

Josh welcomes back François Proulx to talk about the absolute madness in the CI/CD universe right now. We also learn about François' new project SmokedMeat which is a tool to help you hack your own CI/CD. When Josh spoke to François a year ago, the w... more

Josh chats with Sal Kimmich about the current state of everything, and what we can expect next. Sal has some incredible insight into what we can expect to see due to the current wave of security bugs and incidents. There are some new features we will... more

Similar Podcasts

People also subscribe to these shows.

2.5 Admins (The Late Night Linux Family)
Oxide and Friends (Oxide Computer Company)
LINUX Unplugged (Jupiter Broadcasting)
Late Night Linux (The Late Night Linux Family)

Recent Guests

François Proulx
VP of Security Research at Boost Security
Boost Security
Episode: Hacking your CI/CD with François Proulx
Sal Kimmich
security architect
Episode: Open source verification with Sal Kimmich
Casey Ellis
Founder of Bugcrowd and disclose.io
Bugcrowd, disclose.io
Episode: Vulnerability disclosure with Casey Ellis
Hans-Christoph Steiner
FDroid maintainer/developer; advocate for free software on Android
FDroid / Guardian Project
Episode: F-Droid the open app store with Hans
Kat Cosgrove
Head of Developer Advocacy at Minimus; Kubernetes Steering Committee member
Minimus; Kubernetes Steering Committee
Episode: Open source is critical infrastructure with Kat Cosgrove
David Bernstein
Certified Emergency Manager and Certified Business Continuity Professional
Episode: How to actually test a disaster plan with David Bernstein
Vlad Harbuz
Open Source Pledge and Open Source Sustainability advocate
Open Source Pledge / Sentry
Episode: Open Source Pledge with Vlad-Stefan Harbuz
Paul McCarty
Founder and maintainer of Open Source Malware
Open Source Malware
Episode: Open Source Malware with Paul McCarty
Andrew Nesbitt
Open Source Developer and Package Manager enthusiast
Eco (package management ecosystem)
Episode: Package management challenges with Andrew Nesbitt

Host

Josh
Host of the show, frequently guiding technical and governance conversations in open source security.

Reviews

4.7 out of 5 stars from 438 ratings
  • Open source security and more

    Josh may no longer be with Kurt, but he still makes a wicked podcast with a good concentrated dose of open source security.

    Apple Podcasts, 5 stars, LikeToTaste, United Kingdom, a year ago
  • josh is insufferable

    I really enjoy Kurt's perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.

    Apple Podcasts, 1 star, letitsnowman, United States, 2 years ago
  • Great Podcast

    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!

    Apple Podcasts, 5 stars, CornOnTheMacabre, United States, 2 years ago
  • Most frustrating show I continue listening to

    Like a meeting with no agenda, it can be informative and entertaining, and you're never quite sure if you should attend again, but usually you do.

    Apple Podcasts, 4 stars, cspeckrun, United States, 3 years ago
  • The banter is spot on

    As of September 2023, the negative reviews may be from non-techs or squishy persons in general. I understand the humor, and in every episode that I have listened to so far, which is only half a dozen, the hosts understand and get what they are talking about. Having over 20 years both professionally and not in the information technology field, I find myself quite amused at their observations, and more often than not not in agreement more than once an episode. If the hosts, however, ever come across this ... more

    Apple Podcasts, 4 stars, unbleachedbit, United States, 3 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Mixed reactions to pacing and tone, but overall highly regarded for expert guests and actionable insights.
Listeners praise the depth and practicality of security-focused discussions.
Some reviewers note strong host banter but value the technical rigor.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts: #94 in Sweden/Technology
Apple Podcasts: #122 in Finland/Technology
Apple Podcasts: #222 in Saudi Arabia/Technology

Talking Points

Recent interactions between the hosts and their guests.

Hacking your CI/CD with François Proulx
Q: What should teams do next to improve CI/CD security in light of these incidents?
Teams should threat-model their YAML workflows to minimize exposed secrets, rotate credentials, implement off-GitHub handling for sensitive data, monitor for new exploitation techniques in near real-time, and use tools like Poutine and Bagel to inventory and test their own environments. They should also adopt safer credential practices and create rapid-response playbooks to reduce blast radius when compromises occur.
Hacking your CI/CD with François Proulx
Q: What is SmokedMeat and why release an offensive tool in the open?
SmokedMeat is positioned as a controlled, defensive-oriented framework that mirrors Metasploit-style capabilities but is used to help defenders validate fixes, understand attack surfaces, and teach teams what could go wrong in CI/CD pipelines without enabling real-world misuse. It's about arming blue teams with realistic scenarios to test and improve their security posture.
Vulnerability disclosure with Casey Ellis
Q: What should open source maintainers or companies do to prepare for a future where AI accelerates both vulnerability discovery and exploitation?
Maintain a threat-modeling mindset, triage inputs effectively, and build in-house capabilities to assess and respond to reports. Pair AI-assisted tooling with human oversight to separate signal from noise, and focus on making vulnerability intake, validation, and remediation processes more resilient and transparent for all parties involved.
Vulnerability disclosure with Casey Ellis
Q: Tell us a little bit about yourself for anyone who might not know who you are.
I'm Casey Ellis, founder of Bugcrowd and disclose.io. I started this work after growing up as a hacker and moving into pen-testing and entrepreneurship, with a goal to create a better operating environment for people who hack in good faith and to outsmart the bad guys by mobilizing intelligent security researchers.
Open Source Pledge with Vlad-Stefan Harbuz
Q: What are some governance insights discussed in the episode?
Governance should go beyond code to include shared governance structures to avoid bottlenecks and bus factors, as highlighted by examples like WordPress, to ensure projects remain healthy even if key individuals step back.

Frequently Asked Questions About Open Source Security

What is Open Source Security about and what kind of topics does it cover?

This show centers on open source security, governance, and practical risk management across software ecosystems. Conversations span maintaining open source projects, disaster recovery planning for tech organizations, secure software supply chains, and the economics of funding security in OSS. Notable patterns include deep dives with technical guests (cryptography, Rust tooling, package registries, vulnerability management) and pragmatic guidance for teams: governance models, funding strategies, and hands-on incident response. A standout angle is treating essential OSS components as infrastructure, with attention to burnout, sustainability, and collaboration between maintainers, vendors, and leadership. The format often blends technical rigo... more

Where can I find podcast stats for Open Source Security?

Rephonic provides a wide range of podcast stats for Open Source Security. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Open Source Security and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Open Source Security get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Open Source Security, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Open Source Security?

Rephonic provides comprehensive predictive audience data for Open Source Security, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Open Source Security have?

To see how many followers or subscribers Open Source Security has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Open Source Security?

These podcasts share a similar audience with Open Source Security:

1. 2.5 Admins
2. Oxide and Friends
3. Security Now (Audio)
4. LINUX Unplugged
5. Late Night Linux

How many episodes of Open Source Security are there?

Open Source Security launched 10 years ago and has published 534 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.

How do I contact Open Source Security?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Open Source Security?

Rephonic pulls ratings and reviews for Open Source Security from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Open Source Security?

Rephonic provides full transcripts for episodes of Open Source Security. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on Open Source Security?

Recent guests on Open Source Security include:

1. François Proulx
2. Sal Kimmich
3. Casey Ellis
4. Hans-Christoph Steiner
5. Kat Cosgrove
6. David Bernstein
7. Vlad Harbuz
8. Paul McCarty

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
