Rephonic
Artwork for Open Source Security

Open Source Security

Josh Bressers
Open Source Software
Open Source
Cybersecurity
Open Source Security
Security
Vulnerabilities
Cyber Resilience Act
Supply Chain Security
Kubernetes
NPM
Github
Vulnerability Management
Wordpress
CISA
Software Development
Github Actions
Open Source Malware
CVE
Security.txt
Vulnerability Disclosure

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hour... more

PublishesWeeklyEpisodes537Founded10 years ago
Number of ListenersCategory
Technology

Listen to this Podcast

Artwork for Open Source Security

Latest Episodes

Josh welcomes Mo Duffy from Red Hat to chat about project Lightwell. The idea is to leverage the resources and understanding Red Hat has built up over the years to help deal with the deluge of vulnerability reports that are overwhelming open source p... more

Josh chats with Lori Lorusso and Niko Matsakis about the Rust Foundation Maintainers Fund. This is a new project the Rust Foundation has create to help fund Rust maintainers. It's a great discussion where Lori and Niko cover all the ways they expect ... more

Josh chats with Allan Friedman about all things Bill of Materials. Allan did a ton of work to help turn SBOM into what it is today. He has many thoughts and ideas around the new types of BOMs, a concept he's calling the OmniBOM. Allan is always fun t... more

Josh welcomes Jordi Boggiano the lead maintainer of Composer and Packagist to explain the truckload of security features they've recently added. Packagist is the PHP package registry, Composer is the dependency manager for PHP. Recently the people be... more

Key Facts

Accepts Guests
Contact Information
Podcast Host
Number of Listeners
Find out how many people listen to this podcast per episode and each month.

Similar Podcasts

People also subscribe to these shows.

Risky Business
Risky BusinessRisky Business Media
LINUX Unplugged
LINUX UnpluggedJupiter Broadcasting
Darknet Diaries
Darknet DiariesJack Rhysider
Risky Bulletin
Risky BulletinRisky Business Media

Recent Guests

Allan Friedman
godfather of SBOM; senior technical advisor at the Institute for Security and Technology; advises industry as technologist and residence at the TPO group
Institute for Security and Technology; TPO group
Episode: AIBOM, CBOM, and HBOM with Allan Friedman
Jordi Boggiano
Lead maintainer of Composer and Packagist
Private Packagist
Episode: Packagist and Composer security with Jordi Boggiano
Mike Milinkovich
Executive Director at the Eclipse Foundation
Eclipse Foundation
Episode: Sustaining Open VSX with Mike and Thabang
Thabang Mashologu
Chief Marketing Officer at the Eclipse Foundation
Eclipse Foundation
Episode: Sustaining Open VSX with Mike and Thabang
François Proulx
VP of Security Research at Boost Security
Boost Security
Episode: Hacking your CI/CD with François Proulx
Sal Kimmich
security architect
Episode: Open source verification with Sal Kimmich
Casey Ellis
Founder of Bugcrowd and disclose.io
Bugcrowd, disclose.io
Episode: Vulnerability disclosure with Casey Ellis
Hans-Christoph Steiner
FDroid maintainer/developer; advocate for free software on Android
FDroid / Guardian Project
Episode: F-Droid the open app store with Hans
Kat Cosgrove
Head of Developer Advocacy at Minimus; Kubernetes Steering Committee member
Minimus; Kubernetes Steering Committee
Episode: Open source is critical infrastructure with Kat Cosgrove

Host

Josh
Host of the show, frequently guiding technical and governance conversations in open source security.

Reviews

4.7 out of 5 stars from 440 ratings
  • Open source security and more

    Josh may no longer be with Kurt, he still makes a wicked podcast with a good concentrated dose of open source security.

    Apple Podcasts
    5
    LikeToTaste
    United Kingdoma year ago
  • josh is insufferable

    I really enjoy Kurt’s perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.

    Apple Podcasts
    1
    letitsnowman
    United States2 years ago
  • Great Podcast

    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!

    Apple Podcasts
    5
    CornOnTheMacabre
    United States2 years ago
  • Most frustrating show I continue listening to

    Like a meeting with no agenda it can be informative and entertaining and you’re never quite sure if you should attend again but usually you do.

    Apple Podcasts
    4
    cspeckrun
    United States3 years ago
  • The banter is spot on

    as of September 2023 be negative reviews may be from non-techs or squishy persons in general. I understand the humor, and every episode that I have listened to so far which is only half a dozen the hosts understand and get what they are talking about. having over 20 years both professionally and not in the information technology field I find myself quite amused at their observations, and more often than not not in agreement more than once an episode. If the hosts, however, ever come across this ... more

    Apple Podcasts
    4
    unbleachedbit
    United States3 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Mixed reactions to pacing and tone, but overall highly regarded for expert guests and actionable insights.
Listeners praise the depth and practicality of security-focused discussions.
Some reviewers note strong host banter but value the technical rigor.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts
#47
Ukraine/Technology
Apple Podcasts
#174
Poland/Technology
Apple Podcasts
#186
Norway/Technology
Apple Podcasts
#209
Austria/Technology
Apple Podcasts
#227
Russia/Technology

Talking Points

Recent interactions between the hosts and their guests.

AIBOM, CBOM, and HBOM with Allan Friedman
Q: What should listeners do next if they want to get involved or learn more about HBOM or Aibom?
Start by identifying the specific corner of the ecosystem you care about, explore existing communities and projects (HBOM, SBOM tooling, SPDX/Cyclone DX), and contribute. Don't need permission—get involved with working groups or open-source projects and look for modular, phased opportunities to help implement useful features.
AIBOM, CBOM, and HBOM with Allan Friedman
Q: What role do regulations play in driving adoption, and what is the risk if we wait too long to formalize standards?
Regulation acts as a necessary catalyst; without it, many organizations lack motivation to invest in SBOM and related transparency efforts. A measured regulatory model—targeted, iterative updates—helps teams align incentives with risk management and procurement processes, while not stifling innovation.
AIBOM, CBOM, and HBOM with Allan Friedman
Q: So, you mention in your article the idea that there's all this data and it's all vaguely related in a meaningful way. How do you see all these BOMs fitting together in practice?
The practical path is to treat SBOM, HBOM, and Aibom as complementary pillars that can be unified under an Omnibom concept, but implement them in stages. Start with core data, align on minimum elements, and ensure interoperability so different teams can share and use the data without locking everyone into one monolithic approach.
Packagist and Composer security with Jordi Boggiano
Q: Well, I guess your colleagues wrote maybe, we'll say, whatever, details. But why don't you introduce yourself, tell us what Composer and Packagist are, and we'll go from there.
I'm Jordi, and Composer is the PHP dependency manager while Packagist is the package registry. Packagist.org serves as the public registry, with private packages available via Packagist, and we launched Private Packagist to support paying customers. We've been shipping security-focused features and are exploring stronger build provenance, malware scanning, and improved transparency through a public log.
Sustaining Open VSX with Mike and Thabang
Q: Who pays for the OpenVSX infrastructure and how is the pricing structured?
Developers can continue to use extensions for free; only large-scale consumers (e.g., those hitting multi-RPS traffic) are charged through a consumption-based model, with the Eclipse Foundation acting as the intermediary and ensuring vendor neutrality; this aligns funding with usage rather than voluntary donations.

Audience Metrics

Listeners, social reach, demographics and more for this podcast.

Listeners per Episode
Gender Skew
Location
Interests
Professions
Age Range
Household Income
Social Media Reach

Frequently Asked Questions About Open Source Security

What is Open Source Security about and what kind of topics does it cover?

This show centers on open source security, governance, and practical risk management across software ecosystems. Conversations span maintaining open source projects, disaster recovery planning for tech organizations, secure software supply chains, and the economics of funding security in OSS. Notable patterns include deep dives with technical guests (cryptography, Rust tooling, package registries, vulnerability management) and pragmatic guidance for teams: governance models, funding strategies, and hands-on incident response. A standout angle is treating essential OSS components as infrastructure, with attention to burnout, sustainability, and collaboration between maintainers, vendors, and leadership. The format often blends technical rigo... more

Where can I find podcast stats for Open Source Security?

Rephonic provides a wide range of podcast stats for Open Source Security. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Open Source Security and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Open Source Security get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Open Source Security, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Open Source Security?

Rephonic provides comprehensive predictive audience data for Open Source Security, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Open Source Security have?

To see how many followers or subscribers Open Source Security has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Open Source Security?

These podcasts share a similar audience with Open Source Security:

1. Risky Business
2. LINUX Unplugged
3. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
4. Darknet Diaries
5. Risky Bulletin

How many episodes of Open Source Security are there?

Open Source Security launched 10 years ago and published 537 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Open Source Security?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Open Source Security?

Rephonic pulls ratings and reviews for Open Source Security from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Open Source Security?

Rephonic provides full transcripts for episodes of Open Source Security. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set-up alerts to get notified when your keywords are mentioned.

What guests have appeared on Open Source Security?

Recent guests on Open Source Security include:

1. Allan Friedman
2. Jordi Boggiano
3. Mike Milinkovich
4. Thabang Mashologu
5. François Proulx
6. Sal Kimmich
7. Casey Ellis
8. Hans-Christoph Steiner

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.

Find and pitch the right podcasts

We help savvy brands, marketers and PR professionals to find the right podcasts for any topic or niche. Get the data and contacts you need to pitch podcasts at scale and turn listeners into customers.
Try it free for 7 days