What's in the SOSS? An OpenSSF Podcast

Omkhar Arasaratnam, OpenSSF

What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.

Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.

Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.

About Omkhar Arasaratnam (host)
Omkhar is the General Manager of the Open Source Security Foundation (OpenSSF). He is a veteran cybersecurity and technical risk management executive with more than 25 years of experience leading global organizations.

Omkhar began his career as a strong supporter of open source software as a PPC64 maintainer for Gentoo and contributor to the Linux kernel, and that enthusiasm for OSS continues today. Before joining the OpenSSF, he led security and engineering organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM.

As a seasoned technology leader, he has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards.

Omkhar is also a NYU Cyber Fellow Advisory Council member and a Senior Fellow with the NYU Center for Cybersecurity, where he guest lectures Applied Cryptography.

read less
TechnologyTechnology
Start Here
Christoph Kern and the Challenge of Keeping Google Secure
1w ago
Christoph Kern and the Challenge of Keeping Google Secure
In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security.00:42 - Christoph offers a rundown of his duties at Google01:38 - Google’s general approach to security03:02 - What Christoph describes as “stubborn vulnerabilities” and how to stop them06:42 - An overview of Google’s security ecosystem10:00 - Why memory safety is so important12:23 - Solving memory safety problems via languages16:23 - Omkhar’s rapid-fire questions18:28 - Why Christoph thinks this may be a great time for young professionals to enter the cybersecurity industryEpisode links:Blog: Tackling Cybersecurity Vulnerabilities Through Secure by DesignReport: Secure by Design: Google’s Perspective on Memory SafetyWhite House Press Release: Future Software Should be Memory SafeBlog: OpenSSF Supports White House’s Efforts to Build More Secure and Measurable SoftwareResearch: Developer Ecosystems for Software Safety: Continuous Assurance at Scale

Episodes

Christoph Kern and the Challenge of Keeping Google Secure
1w ago
Christoph Kern and the Challenge of Keeping Google Secure
In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security.00:42 - Christoph offers a rundown of his duties at Google01:38 - Google’s general approach to security03:02 - What Christoph describes as “stubborn vulnerabilities” and how to stop them06:42 - An overview of Google’s security ecosystem10:00 - Why memory safety is so important12:23 - Solving memory safety problems via languages16:23 - Omkhar’s rapid-fire questions18:28 - Why Christoph thinks this may be a great time for young professionals to enter the cybersecurity industryEpisode links:Blog: Tackling Cybersecurity Vulnerabilities Through Secure by DesignReport: Secure by Design: Google’s Perspective on Memory SafetyWhite House Press Release: Future Software Should be Memory SafeBlog: OpenSSF Supports White House’s Efforts to Build More Secure and Measurable SoftwareResearch: Developer Ecosystems for Software Safety: Continuous Assurance at Scale
Vincent Danen and the Art of Vulnerability Management
Apr 11 2024
Vincent Danen and the Art of Vulnerability Management
Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.Links: Vincent Danen’s LinkedIn pageRed Hat Product Security Vulnerability ManagementOpenSSF Security Toolbelt
What's in the SOSS? Preview
Mar 26 2024
What's in the SOSS? Preview
Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, Omkhar has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. In this short preview, Omkhar offers a sneak peek into the coming What's in the SOSS? podcast series.