What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.
Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.
Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.
About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
Episodes
29 episodes
Secure Software Starts with Awareness: Education & Open Source with the Council of Daves
In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their...
•
Season 3
•
Episode 6
•
24:46
Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF
In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” wh...
•
Season 2
•
Episode 4
•
11:25
JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale
Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares h...
•
Season 2
•
Episode 3
•
17:49
Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding
In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Re...
•
Season 2
•
Episode 2
•
17:18
OpenSSF 2025 MVVSR Overview
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security ...
•
Season 2
•
Episode 1
•
26:56
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain
CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and t...
•
21:06
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects
In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably streng...
•
16:47
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security
In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open...
•
27:15
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security
CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack ...
•
23:44
Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents
In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in sever...
•
16:58
Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer”
In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, St...
•
16:58
Intel’s Katherine Druckman and the Impact of Developer Relations
In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her ...
•
14:23
Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level
In this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a compl...
•
16:24
Bidding Adieu to Omkhar Arasaratnam
In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with ...
•
20:32
CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source
Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governi...
•
22:47
GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…”
In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and op...
•
22:43
CISA's Aeva Black and the Public Sector View of Open Source Security
In this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open source hacker and international public speaker with 25 years of experience building open sour...
•
12:13
Google’s Andrew Pollock and Addressing Open Source Vulnerabilities
Episode description: Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise Security Engineer, he has extensive experience in large-scale Linux Systems Administration and...
•
12:16
Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry
Bec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and ensures that Rust is safe, secure, and sustainable for the future. She holds a PhD in Politics a...
•
18:28
Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities
Brian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organizations of all sizes, from startups to large enterprises. A recognized figure in...
•
22:24
Arun Gupta and Giving Back to Security Communities
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has been an open source strategist, advocate, and practitioner for nearly two decades. He has taken ...
•
22:02
Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX
The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Ku...
•
18:11
A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?
Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the Open SSF’s Technical Advisory Committee (TAC) Chair. And soon, CRob will step into another role: co-host o...
•
20:03
OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security
Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore th...
•
14:58
Eric Brewer and the Future of Open Source Security
In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of infrastructure at Google. He’s also on the Governing Board of the OpenSSF. His research interes...
•
16:09