Rephonic

Open Source Security

Josh Bressers
Topics: Open Source Software, Open Source, Cybersecurity, Open Source Security, Security, Vulnerabilities, Cyber Resilience Act, Supply Chain Security, NPM, Kubernetes, GitHub, Vulnerability Management, WordPress, CISA, Software Development, Open Source Malware, CVE, Security.txt, GitHub Actions, Vulnerability Disclosure

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hour...

Publishes: Weekly
Episodes: 526
Founded: 10 years ago
Category: Technology

Latest Episodes

Josh has a discussion with Vlad-Stefan Harbuz about the Open Source Pledge as well as his recent FOSDEM talk. The Open Source Pledge is all about trying to build a sustainable universe for open source maintainers. This ties into Vlad's FOSDEM talk wh...

Josh welcomes back David Bernstein to talk about creating a disaster recovery plan. It's a very timely topic given all the current events. There are more supply chain attacks and compromises than ever before. There are some great resources for this pl...

Josh talks to Paul McCarty of Open Source Malware about ... open source malware. Paul explains why there aren't many good open source malware datasets. We discuss why the existing data is lacking for many use cases. We of course touch on AI and the m...

Josh welcomes back Andrew Nesbitt to discuss some recent blog posts he wrote about the challenges of new ecosystems as well as challenges of no ecosystems like C. There aren't very many people who look at multiple ecosystems in the way Andrew does. H...

Similar Podcasts

People also subscribe to these shows.

  • 2.5 Admins (The Late Night Linux Family)
  • Risky Business (Risky Business Media)
  • CyberWire Daily (N2K Networks)

Recent Guests

Paul McCarty
Founder and maintainer of Open Source Malware
Open Source Malware
Episode: Open Source Malware with Paul McCarty
Andrew Nesbitt
Open Source Developer and Package Manager enthusiast
Eco (package management ecosystem)
Episode: Package management challenges with Andrew Nesbitt
Michael Winser
Co-founder of Alpha Omega
Alpha Omega
Episode: Open Source Security at scale with Michael Winser
Luke Hinds
CEO of Always Further; Open Source security expert
Always Further
Episode: MCP and Agent security with Luke Hinds
Paul Kehrer
Co-maintainer, Python Cryptographic Authority
Python Cryptographic Authority
Episode: The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
Alex Gaynor
Co-maintainer, Python Cryptographic Authority
Python Cryptographic Authority
Episode: The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
Sylvestre Ledru
Director of Engineering at Mozilla and Firefox, and DFDL of Rust Core Utils
Mozilla
Episode: Rust coreutils with Sylvestre Ledru
Olle E. Johansson
Open Source activist and founder of the GVIP project
Episode: The Global Vulnerability Intelligence Platform with Olle E. Johansson
David Bernstein
Certified emergency manager and certified business continuity professional
Episode: The Art of Crisis Management with David Bernstein

Host

Josh
Host of Open Source Security Podcast, known for bringing insights from industry experts and a focus on open source security education.

Reviews

4.7 out of 5 stars from 438 ratings
  • Open source security and more

    Josh may no longer be with Kurt, he still makes a wicked podcast with a good concentrated dose of open source security.

    Apple Podcasts
    5
    LikeToTaste
    United Kingdom, a year ago
  • josh is insufferable

    I really enjoy Kurt’s perspective on stuff. Josh is insufferable. Not sure what complex he suffers from, but he can never be wrong and is always steamrolling Kurt.

    Apple Podcasts
    1
    letitsnowman
    United States, a year ago
  • Great Podcast

    I don't work in this field; I'm strictly a security hobbyist. Found this podcast through archive.org, incidentally. Listened to 5 minutes of one episode and that was enough for me to subscribe. Thanks for a great podcast!

    Apple Podcasts
    5
    CornOnTheMacabre
    United States, 2 years ago
  • Most frustrating show I continue listening to

    Like a meeting with no agenda it can be informative and entertaining and you’re never quite sure if you should attend again but usually you do.

    Apple Podcasts
    4
    cspeckrun
    United States, 3 years ago
  • The banter is spot on

    As of September 2023 the negative reviews may be from non-techs or squishy persons in general. I understand the humor, and every episode that I have listened to so far, which is only half a dozen, the hosts understand and get what they are talking about. Having over 20 years both professionally and not in the information technology field, I find myself quite amused at their observations, and more often than not not in agreement more than once an episode. If the hosts, however, ever come across this ...

    Apple Podcasts
    4
    unbleachedbit
    United States, 3 years ago

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Listeners appreciate the deep dives into current open source security topics and the practical knowledge shared by guests.
There is a strong emphasis on the quality of content and the relevance of discussions, indicating high standards among the audience.
Many find the humor and banter between the hosts enjoyable and relatable, contributing to a compelling listening experience.
Some listeners express frustration with certain host dynamics, suggesting that not every episode matches their expectations in style or content.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

  • Apple Podcasts: #175 in Australia/Technology
  • Apple Podcasts: #185 in Ukraine/Technology
  • Apple Podcasts: #190 in Finland/Technology
  • Apple Podcasts: #200 in Switzerland/Technology
  • Apple Podcasts: #215 in Hong Kong/Technology
  • Apple Podcasts: #245 in Austria/Technology

Talking Points

Recent interactions between the hosts and their guests.

Open Source Malware with Paul McCarty
Q: What are the biggest challenges you see in today's software supply chain security, and how can industry players collaborate to address them?
The biggest challenges are silos among vendors, the sheer volume of new registries and AI-driven tooling, and the difficulty of maintaining visibility in CI/CD pipelines. The solution is better cross-vendor communication, shared data standards, and more open collaboration so defenders aren't flying blind during incidents.
Open Source Malware with Paul McCarty
Q: How does Open Source Malware handle data enrichment and ensure the accuracy of contributed information?
Contributors can add data to threat reports, admins validate the enrichment, and once validated the data goes into the database. This creates a dynamic, community-driven dataset where IOCs and threat context can evolve as new information emerges.
Open Source Malware with Paul McCarty
Q: What motivated you to build Open Source Malware and how does it differ from existing databases like OSV or GHSA?
I started Open Source Malware out of frustration that there wasn't a good post-incident data layer for malicious packages and components. Unlike OSV or GHSA, which focus on vulnerability metadata, our platform emphasizes IOCs, de-obfuscated payloads, and continuous enrichment from the community to help with incident response and defensive tooling.
The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
Q: What are the main concerns with OpenSSL 3.0?
API complexity, reduced ergonomics, harder to trace internals, slower performance, and misalignment with testing and safety goals for PyCA cryptography.
The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer
Q: Why did you publish a joint statement instead of individual blog posts?
Because the concerns are broader than personal blogs; they represent the project's stance, and publishing as a joint statement on the documentation site gives it more authority and reach.

Frequently Asked Questions About Open Source Security

What is Open Source Security about and what kind of topics does it cover?

The focus of this initiative is on open source security, emphasizing the importance of education and awareness around this critical area of technology. Episodes frequently feature discussions with industry experts and developers who are actively involved in enhancing security measures within open source projects. The content aims to highlight innovative solutions and address the gaps in communication surrounding security practices, making it an invaluable resource for both developers and users interested in understanding open source security and its implications in the tech landscape. This platform is unique in its commitment to amplifying voices that often go unheard, prioritizing insights from those working on the ground to improve securi...

Where can I find podcast stats for Open Source Security?

Rephonic provides a wide range of podcast stats for Open Source Security. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Open Source Security and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Open Source Security get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Open Source Security, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Open Source Security?

Rephonic provides comprehensive predictive audience data for Open Source Security, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Open Source Security have?

To see how many followers or subscribers Open Source Security has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Open Source Security?

These podcasts share a similar audience with Open Source Security:

1. 2.5 Admins
2. SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
3. Risky Business
4. Cybersecurity Headlines
5. CyberWire Daily

How many episodes of Open Source Security are there?

Open Source Security launched 10 years ago and has published 526 episodes to date. You can find more information about this podcast, including rankings, audience demographics and engagement, in our podcast database.

How do I contact Open Source Security?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Open Source Security?

Rephonic pulls ratings and reviews for Open Source Security from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Open Source Security?

Rephonic provides full transcripts for episodes of Open Source Security. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set up alerts to get notified when your keywords are mentioned.

What guests have appeared on Open Source Security?

Recent guests on Open Source Security include:

1. Paul McCarty
2. Andrew Nesbitt
3. Michael Winser
4. Luke Hinds
5. Paul Kehrer
6. Alex Gaynor
7. Sylvestre Ledru
8. Olle E. Johansson

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.
