What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.
Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.
Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.
About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
What's in the SOSS? An OpenSSF Podcast
Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives
In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the groundbreaking MLOps white paper developed in partnership with Ericsson, and the crucial work of identifying and addressing new personas in AI/ML operations. Tune in to learn how OpenSSF is shaping the future of AI security and what challenges and opportunities lie ahead.
Episode Chapters:
- 0:00 Welcome and Introduction to Sarah Evans
- 0:48 Sarah Evans: Role at Dell Technologies and Involvement in OpenSSF
- 1:38 The OpenSSF AI/ML Working Group: Genesis and Goals
- 3:37 Deep Dive: The AI Model Signing Project with Sigstore
- 4:28 AI Model Signing: Benefits for Developers
- 5:20 Transition to the MLSeCOps White Paper
- 5:49 The Mission of the MLSecOps White Paper: Addressing Industry Gaps
- 7:00 Collaboration with Ericsson on the MLEC Ops White Paper
- 8:15 Identifying and Addressing New Personas in AI/ML Ops
- 10:04 The Power of Open Source in Extending Previous Work
- 10:15 Future Directions for OpenSSF's AI/ML Strategy
- 11:21 OpenSSF's Broader AI Security Focus
- 12:08 Sneak Peek: New Companion Video Podcast on AI Security
- 12:31 Sarah's Personal Focus: The Year of the Agents (2025)
- 13:00 Security Concerns: Bringing Together Data Models and Code in AI Applications
- 14:00 Conclusion and Thanks
Episode links:
- Sarah Evans LinkedIn page
- OpenSSF AI/ML Security Working Group
- OpenSSF Blog: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
- OpenSSF Whitepaper: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
- Get involved with the OpenSSF
- Subscribe to the OpenSSF newsletter
- Follow the OpenSSF on LinkedIn