What's in the SOSS? An OpenSSF Podcast

• Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts

  The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve systems. In this episode of "What's in the SOSS," join host Yesenia Yser as she sits down with David Hook (VP Software Engineering) and Tomas Gustavsson (Chief PKI Officer) from Keyfactor to break down post-quantum cryptography, from ELI5 explanations of quantum-safe algorithms to the critical importance of crypto agility and entropy. Learn why the financial sector and supply chain security are leading the charge, discover the hidden costs of migration planning, and find out why your organization needs to start inventory and testing now because once quantum computers arrive, it's too late.Episode Chapters:00:00 Introduction00:22 Podcast Welcome00:01 - 01:22: Introductions and Setting the Stage01:23 - 03:22: Post-Quantum 101 - The Quantum Threat Explained03:23 - 06:38: Government Deadlines and Industry Readiness06:39 - 09:14: Bouncy Castle's Quantum-Safe Journey09:15 - 10:46: The Power of Open Source Collaboration10:47 - 13:32: Industry Sectors Leading the Migration13:33 - 16:33: Planning Challenges and Crypto Agility16:34 - 22:01: The Randomness Problem - Why Entropy Matters22:02 - 26:44: Getting Started - Practical Migration Advice26:45 - 28:05: Supply Chain and SBOMs 28:06 - 30:48: Rapid Fire Round30:49 - 31:40: Final Thoughts and Call to ActionEpisode links:Tomas Gustavsson LinkedIn pageDavid Hook LinkedIn pageKeyfactorBouncycastle.orgEJBCA.orgSignServer.orgGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

  --------  

  30:19

  --------

  30:19
• Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives

  In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the groundbreaking MLOps white paper developed in partnership with Ericsson, and the crucial work of identifying and addressing new personas in AI/ML operations. Tune in to learn how OpenSSF is shaping the future of AI security and what challenges and opportunities lie ahead.Episode Chapters:0:00 Welcome and Introduction to Sarah Evans0:48 Sarah Evans: Role at Dell Technologies and Involvement in OpenSSF1:38 The OpenSSF AI/ML Working Group: Genesis and Goals3:37 Deep Dive: The AI Model Signing Project with Sigstore4:28 AI Model Signing: Benefits for Developers5:20 Transition to the MLSeCOps White Paper5:49 The Mission of the MLSecOps White Paper: Addressing Industry Gaps7:00 Collaboration with Ericsson on the MLEC Ops White Paper8:15 Identifying and Addressing New Personas in AI/ML Ops10:04 The Power of Open Source in Extending Previous Work10:15 Future Directions for OpenSSF's AI/ML Strategy11:21 OpenSSF's Broader AI Security Focus12:08 Sneak Peek: New Companion Video Podcast on AI Security12:31 Sarah's Personal Focus: The Year of the Agents (2025)13:00 Security Concerns: Bringing Together Data Models and Code in AI Applications14:00 Conclusion and ThanksEpisode links:Sarah Evans LinkedIn pageOpenSSF AI/ML Security Working GroupOpenSSF Blog: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline SecurityOpenSSF Whitepaper: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline SecurityGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

  --------  

  14:59

  --------

  14:59
• Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

  In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers.Episode Chapters:00:00 Introduction00:22 Podcast Welcome01:04 OSTIF Founders Introduction02:31 OSTIF's Mission and Approach05:28 Relationship Management and Expertise08:01 Evolution of Security Engagement Methods12:15 Making Security Audits Less Intimidating18:00 Rapid Fire Questions20:45 Closing, Call to ActionEpisode links:Derek Zimmer LinkedIn pageAmir Montezary LinkedIn pageOSTIF (Open Source Technology Improvement Fund)Get involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedInJoin us at OpenSSF Community Day Europe Aug 28, 2025

  --------  

  25:30

  --------

  25:30
• From Compliance to Community: Meeting CRA Requirements Together

  In this episode of 'What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the critical importance of security in open source, particularly in light of regulations like the CRA. Hear how the Erlang community is proactively addressing security concerns by bringing in experts, fostering collaboration, and building trust. Discover why manufacturers are investing in upstream projects and how other ecosystems can learn from their approach. This conversation highlights the value of community, transparency, and the essential role of 'stewards' in the open source world.Chapters:00:17 - Welcome00:57 - Meet the Guests02:56 - Jonatan’s Journey into Erlang06:16 - The Alpha Omega Connection09:07 - Ulf’s Perspective as a Product Manager13:09 - Funding Security in Open Source18:58 - Challenges in Implementing Security24:54 - Becoming a CNA and Normalizing Security28:18 - Jonatan’s role as CISO32:01 - Calls to Action & Advice36:49 - Wrap UpEpisode links:Jonatan Männchen LinkedIn pageUlf Riehm LinkedIn pageMichael Winser LinkedIn pageGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

  --------  

  31:44

  --------

  31:44
• Building India's Open Source Security Community: From Developer Nation to Security Champions

  Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars debates, this episode offers both insights into global open source security efforts and a glimpse into the passionate community builders making it happen.Chapters:Meet Ram IyengarOrigin Story - From Professor to EvangelistThe Power of Developer EducationLF India Launch & Community BuildingGetting Involved & Video SeriesRapid FireThe Security Challenge in IndiaCall to Action & Wrap-upEpisode links:Ram Iyengar LinkedIn pageJoin us at the following events: OpenSSF Community Day India (Aug 4, 2025)Open Source Summit India (Aug 5, 2025)KubeCon | CloudNativeCon India (Aug 6-7, 2025)OpenSSF YouTubeGet involved with the OpenSSFSubscribe to the OpenSSF NewsletterFollow the OpenSSF on LinkedIn

  --------  

  18:46

  --------

  18:46

Meer Technologie podcasts

Trending Technologie -podcasts

Over What's in the SOSS? An OpenSSF Podcast