What's in the SOSS? An OpenSSF Podcast

OpenSSF

What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.

Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.

Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.

About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.

Technology

Episodes

Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level
Oct 1 2024
In this episode, CRob sits down with Sarah Evans, security research technologist at Dell, and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open source software at a complex enterprise.

Sarah sits on the OpenSSF Technical Advisory Council, and at Dell she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S. Air Force.

Dr. Lisa Bradley is a distinguished cybersecurity expert and visionary leader. She has earned her reputation as a trailblazer in the field of security and vulnerability management. In her current role, she oversees Dell's Product Security Incident Response Team (PSIRT), Bug Bounty Program, SBOM initiative, Dependency Management, and Security Champion and Training Programs.

02:38 How Dell is managing its ingestion and productization of open source software
04:54 The complex task of managing open source software for a company the size of Dell
06:34 The importance of executive support when implementing security initiatives
10:40 Lisa and Sarah answer CRob's rapid-fire questions
12:40 Lisa and Sarah's advice to aspiring developers and security professionals
14:12 Lisa and Sarah's call to action

Episode links:
Lisa Bradley on LinkedIn
Sarah Evans on LinkedIn
Get involved in the OpenSSF community
Arun Gupta and Giving Back to Security Communities
Jul 2 2024
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles, contribute, and collaborate effectively.

On July 9th and 10th, the OpenSSF will attend the 2024 OSPOs for Good symposium hosted by the UN. What's in the SOSS? co-host Omkhar Arasaratnam and Arun will lead a session called "Engaging the Open Source Community."

Following the symposium, on July 11th, attendees are invited to come to a secondary event, What's Next for Open Source? It will feature a collection of curated workshops to discover how to build and gather the skills you need to move forward with open source. Omkhar is coordinating the security track and presenting opening remarks. Arun will offer closing remarks.

02:13 - Arun's general outlook on security and life
03:39 - Arun shares his personal background and illustrious career history
09:04 - Comparing the OpenSSF and the Cloud Native Computing Foundation (CNCF)
13:30 - Arun details his work with the United Nations
16:42 - Areas that a lot of security professionals are getting wrong
18:20 - Arun answers Omkhar's rapid-fire questions
19:08 - Advice Arun would give to aspiring security professionals
20:40 - Arun's call to action for listeners

Episode links:
OSPOs for Good 2024
What's Next for Open Source event
Arun Gupta's LinkedIn profile
CNCF homepage
United Nations Sustainable Development Goals
Get involved with OpenSSF