What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making softwar...
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at GitHub, a member of the OpenSSF TAC and co-chair of the OpenSSF Securing Software Repositories Working Group, to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry.

Chapters:
03:29 - Key Lessons from Open Source Security in 2024
08:29 - MVSR: Mission, Vision, Strategy, and Roadmap
13:41 - Importance of Strategy and Roadmap in OpenSSF
17:48 - Roadmap Items for Community Collaboration
20:02 - Key Resources and Courses for Developers
22:09 - Exciting Opportunities Ahead for 2025

Episode links:
Arun's LinkedIn
Zach's LinkedIn
2024 Annual Report
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
--------
26:56
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain
CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, to talk about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC, and the future of supply chain security.

Chapters:
01:56 - Michael explains how he got into open source
04:10 - The challenges of being a startup within the open source ecosystem
05:38 - Michael digs into his participation with SLSA and GUAC
09:13 - How maintainers can address SBOMs with GUAC
10:56 - Michael's predictions for supply chain security and dependency management
14:26 - Michael answers CRob's rapid-fire questions
15:32 - Advice for those entering the cybersecurity or open source development spaces
17:50 - Michael's call to action

Links:
Michael Lieberman on LinkedIn
Kusari homepage
GUAC homepage on OpenSSF
SLSA homepage on OpenSSF
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
--------
21:06
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects
In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency's goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code.

Chapters:
01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency
03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives
04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest
06:51 - Sovereign Tech Agency success stories
09:09 - Plans for the Sovereign Tech Agency in 2025
11:54 - Tara answers CRob's rapid-fire questions
13:54 - Advice to those entering the open source development or security field
14:55 - Tara's call to action for listeners

Episode links:
Tara Tarakiyee on LinkedIn
Sovereign Tech Agency homepage
Apply for Sovereign Tech Fund investment
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
--------
16:47
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security
In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that works with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed, to improve global software supply chain security.

Chapters:
01:00 - Michael shares his origin story into open source
02:09 - How Alpha-Omega came to be
03:48 - Alpha-Omega's mission is catalyzing sustainable security improvements
05:16 - The four types of investments Alpha-Omega makes to catalyze change
11:33 - Michael expands on his "clean the beach" approach to impacting open source security
16:41 - The 3F framework helps manage upstream dependencies effectively
21:13 - Michael answers CRob's rapid-fire questions
23:06 - Michael's advice to aspiring development and cybersecurity professionals
24:44 - Michael's call to action for listeners

Links:
Michael Winser on LinkedIn
Alpha-Omega homepage
OpenSSF on LinkedIn
Subscribe to the OpenSSF newsletter
Get involved with the OpenSSF community
--------
27:15
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at GitHub, a member of the OpenSSF TAC and co-chair of the OpenSSF Securing Software Repositories Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called "Principles for Package Repository Security."

Chapters:
00:48 - Jack and Zach share their backgrounds
02:59 - What package repositories are and why they're important to open source users
04:17 - The positive impact package security has on downstream users
07:06 - Jack and Zach offer insight into the "Principles for Package Repository Security" document
11:18 - Future endeavors of the Securing Software Repositories Working Group
17:32 - Jack and Zach answer CRob's rapid-fire questions
19:31 - Advice for those entering the industry
21:28 - Jack and Zach share their calls to action

Episode links:
Zach Steindler on LinkedIn
Jack Cable on LinkedIn
OpenSSF on LinkedIn
Securing Software Repositories Working Group
Principles for Package Repository Security document
Subscribe to the OpenSSF newsletter
Get involved with the OpenSSF community
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.

About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.