What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure.
Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments.
Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.
About Christopher Robinson (aka CRob), host
CRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
Episodes
47 episodes
Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft)
Jay White, a leader in the open source ecosystem at Microsoft, discusses his journey into open source, focusing on AI and machine learning. He highlights his role in the Azure office of the CTO, working on open source, security, and AI standard...
•
Season 2
•
Episode 23
•
25:32
SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)
Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses the issues of third-party security patch versioning, the rise of software sovereignty, and how custom p...
•
Season 2
•
Episode 22
•
26:44
A Deep Dive into the Open Source Project Security (OSPS) Baseline
In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstra...
•
Season 2
•
Episode 21
•
32:57
Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader
In this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundation, as he shares his unique perspective on open source security. From his Minneapolis base, Seth...
•
Season 2
•
Episode 20
•
21:43
New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler
In this episode of “What’s In The SOSS,” Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Foundation. They discuss the importance of secure software development, particularly in the context of ...
•
Season 2
•
Episode 19
•
38:44
The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io
In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are revolutionizing the way we ...
•
Season 2
•
Episode 18
•
22:53
From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project
In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges t...
•
Season 2
•
Episode 17
•
34:47
Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts
The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryptographic infrastructure before quantum computers can break current RSA and elliptic curve sys...
•
Season 2
•
Episode 16
•
30:19
Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives
In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software deve...
•
Season 2
•
Episode 15
•
14:59
Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits
In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collabora...
•
Season 2
•
Episode 14
•
25:30
From Compliance to Community: Meeting CRA Requirements Together
In this episode of 'What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundation), Ulf (Product Owner, Herrmann Ultraschall), and Michael Winser (Alpha Omega). This episode explores the ...
•
Season 2
•
Episode 13
•
31:44
Building India's Open Source Security Community: From Developer Nation to Security Champions
Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journ...
•
Season 2
•
Episode 12
•
18:46
From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community
In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an inspiring conversation about her unexpected path into open source, the vibrant communities behi...
•
Season 2
•
Episode 11
•
29:49
Bridging DevOps and Security: Tracy Reagan on the Future of Open Source
In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the ...
•
Season 2
•
Episode 11
•
20:04
Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes
In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. ...
•
Season 2
•
Episode 9
•
19:49
Cybersecurity Framework Launch
In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey into open source, the role of LF Education in supporting the community, and the importance of cybersecuri...
•
Season 2
•
Episode 8
•
20:45
Scaling Security: Inside the GitHub Securing Open Source Software Fund
In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source Fund - an innovative program that combines funding, education, and community to strengthen open ...
•
Season 2
•
Episode 7
•
26:48
Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter
In this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF). Stacey shares her winding journey from managing operations at a vitamin company to becoming a ...
•
Season 2
•
Episode 6
•
21:13
Secure Software Starts with Awareness: Education & Open Source with the Council of Daves
In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their...
•
Season 3
•
Episode 6
•
24:46
Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF
In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” wh...
•
Season 2
•
Episode 4
•
11:25
JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale
Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares h...
•
Season 2
•
Episode 3
•
17:49
Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding
In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Re...
•
Season 2
•
Episode 2
•
17:18
OpenSSF 2025 MVVSR Overview
CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security ...
•
Season 2
•
Episode 1
•
26:56
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain
CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and t...
•
21:06
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects
In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably streng...
•
16:47