What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.
Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.
Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.
About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
Episodes
60 episodes
Building a Connected Africa: The Origin Story of OSSAfrica with Prince Asiedu
This episode features Prince Oforh Asiedu, discussing his inspiring journey into tech and open source, starting from a childhood fascination with computers in Ghana, self-learning to code despite financial and economic challenges, and making hi...
Big Thoughts, Open Sources Inaugural Episode: Beyond the Hype: Brian Fox on Securing the Agentic Future of Open Source
In this inaugural episode of Big Thoughts and Open Sources, host CRob sits down with Brian Fox, Co-founder and CTO of Sonatype, to dissect the friction between rapid AI adoption and foundational software security. Brian shares insights from the...
From Noise to Signal: Security Expertise and Kusari Inspector with Mike Lieberman
In this episode, CRob talks with Mike Lieberman from Kusari about the current state of open source security. They discuss the growing burden on maintainers from the "deluge" of noisy, low-quality vulnerability reports, often generated by AI too...
Empowering New Maintainers: Inside the OpenSSF Mentorship Program
In this episode of What’s in the SOSS? host Sally Cooper sits down with Yesenia Yser, co-lead of the OpenSSF Mentorship Program and the BEAR Working Group, and Kairo De Araujo, Open Source Software Engineer and mentor for rstuf. They dive into ...
The Gemara Project: GRC Engineering Model for Automated Risk Assessment
Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project. Gemara, an acronym for GRC Engineering Model for Automated Risk Assessment, is a seven-layer ...
AIxCC Part 4 – Cyber Reasoning Systems: The Real-World Journey After AIxCC
In this final episode of our AI Cyber Challenge (AIxCC) series, CRob and Jeff Diecks wrap up the journey from DARPA's groundbreaking two-year competition to the exciting collaborative phase happening now. Discover how winning teams are taking t...
AIxCC Part 3 - Buttercup's Hybrid Approach: Trail of Bits' Journey to Second Place in AIxCC
In the final episode of our AI Cyber Challenge (AIxCC) series, CRob sits down with Michael Brown, Principal Security Engineer at Trail of Bits, to discuss their runner-up cybersecurity reasoning system, Buttercup. Michael shares how their team ...
AIxCC Part 2 - From Skeptics to Believers: How Team Atlanta Won AIxCC by Combining Traditional Security with LLMs
In this second episode in our series on DARPA's AI Cyber Challenge (AIxCC), CRob sits down with Professor Taesoo Kim from Georgia Tech to discuss Team Atlanta's journey to victory. Kim shares how his team - comprised of academics, world-class hack...
AIxCC Part 1 - From Skepticism to Success: The AI Cyber Challenge (AIxCC) with Andrew Carney
This episode of What’s in the SOSS features Andrew Carney from DARPA and ARPA-H, discussing the groundbreaking AI Cyber Challenge (AIxCC). The competition was designed to create autonomous systems capable of finding and patching vulnerabilities...
Demystifying the CFP Process with KubeCon North America Keynote Speakers
Ever wondered what it takes to get your talk accepted at a major open source tech conference – or even land a keynote slot? Join What's in the SOSS new co-host Sally Cooper, as she sits down with Stacey Potter and Adolfo “Puerco” García Veytia...
Why Marketing Matters in Open Source: Introducing Co-Host Sally Cooper
In this special episode, the What's in the SOSS podcast welcomes Sally Cooper as an official co-host. Sally, who leads OpenSSF's marketing efforts, shares her journey from hands-on technical roles in training and documentation to becoming a bri...
2025 Year End Wrap Up: Celebrating 5 Years of Open Source Security Impact!
Join co-hosts CRob and Yesenia for a special season finale celebrating OpenSSF's fifth anniversary and recapping an incredible year of innovation in open source security! From launching three free educational courses on the EU Cyber Resilience ...
Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos
On this episode of "What's in the SOSS," Yesenia Yser sits down with Justin Cappos, NYU professor and self-described "OG software supply chain guy" who's been working in this space since 2002. Justin reveals why most universities fail to teach ...
Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft)
Jay White, a leader in the open source ecosystem at Microsoft, discusses his journey into open source, focusing on AI and machine learning. He highlights his role in the Azure office of the CTO, working on open source, security, and AI standard...
SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)
Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses the issues of third-party security patch versioning, the rise of software sovereignty, and how custom p...
A Deep Dive into the Open Source Project Security (OSPS) Baseline
In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstra...
Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader
In this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundation, as he shares his unique perspective on open source security. From his Minneapolis base, Seth...
New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler
In this episode of "What's in the SOSS," Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Foundation. They discuss the importance of secure software development, particularly in the context of ...
The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io
In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are revolutionizing the way we ...
From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project
In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges t...
Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts
The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve sys...
Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives
In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software deve...
Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits
In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collabora...
From Compliance to Community: Meeting CRA Requirements Together
In this episode of "What's in the SOSS," CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the ...
Building India's Open Source Security Community: From Developer Nation to Security Champions
Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journ...