Open Source Security

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.

Last refreshed: July 3rd, 2025 at 9:29 PM ⓘ

Follow this podcast in the Metacast mobile app to refresh it and see new episodes.

Follow on

Apple Podcasts

Spotify

RSS

Podcasts are better in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episodes

Episode 97 - Automation: Humans are slow and dumb

Josh and Kurt talk about the security of automation as well as automating security. The only way automation will really work long term is full automation. Humans can't be trusted enough to rely on them to do things right.

May 20, 2018•33 min•Ep. 97

Episode 96 - Are legal backdoors a good idea?

Josh and Kurt talk about backdoors in code and products that have been put there on purpose. We talk about unlocking phones. Encryption backdoors with a focus on why they won't work.

May 11, 2018•33 min•Ep. 96

Episode 95 - Twitter passwords and npm backdoors

Josh and Kurt talk about Twitter doing the right thing when they logged a lot of passwords and the npm malicious getcookies package and how backdoors work in code.

May 07, 2018•30 min•Ep. 95

Episode 94 - DNSSEC, BGP, and reality

Josh and Kurt talk about the Amazon Route 53 incident and what it really means for the modern infrastructure. Complaining nobody is using DNSSEC or securing BGP aren't the right conversations to be having. Reality must be considered in any honest conversation about these topics.

Apr 30, 2018•28 min•Ep. 94

Episode 93 - Security flaws in beep and patch, how did we get here?

Josh and Kurt talk about security flaws in beep and patch. How on earth were there security flaws in beep and patch?

Apr 15, 2018•36 min•Ep. 93

Episode 92 - Chat with Rami Saas the CEO of WhiteSource

Josh and Kurt talk to Rami Saas, the CEO of WhiteSource about 3rd party open source security as well as open source licensing.

Apr 15, 2018•34 min•Ep. 92

Episode 91 - Security lessons from a 7 year old

Josh and Kurt talk to a 7 year old about security. We cover Minecraft security, passwords, hacking, and many many other nuggets of wisdom.

Apr 08, 2018•19 min•Ep. 91

Episode 90 - Humans and misinformation

Josh and Kurt talk about all the current misinformation, how humans react to it, and what it means for security.

Apr 02, 2018•36 min•Ep. 90

Episode 89 - Short selling AMD security flaws

Josh and Kurt talk about the recent AMD flaws and the events surrounding the disclosure.

Mar 25, 2018•34 min•Ep. 89

Episode 88 - Chat with Chris Rosen from IBM about Container Security

Josh and Kurt talk about container security with IBM's Chris Rosen.

Mar 18, 2018•33 min•Ep. 88

Episode 87 - Chat with Let's Encrypt co-founder Josh Aas

Josh and Kurt talk about Let's Encrypt with co-founder Josh Aas. We discuss the past, present, and future of the project.

Mar 11, 2018•39 min•Ep. 87

Episode 86 - What happens when 23 thousand certificates leak?

Josh and Kurt talk about the Trustico certificate incident and Let's Encrypt.

Mar 03, 2018•34 min•Ep. 86

Episode 85 - NPM ate my files

Josh and Kurt talk about the npm 5.7.0 debacle.

Feb 23, 2018•32 min•Ep. 85

Episode 84 - Have I been pwned?

Josh and Kurt talk about the new password data dump from Have I been pwned?

Feb 23, 2018•32 min•Ep. 84

Episode 83 - XKCD + CVE = XKCVE

Josh and Kurt talk about the XKCD CVE comic and a flight simulator stealing credentials.

Feb 21, 2018•31 min•Ep. 83

Episode 82 - RSA, TLS, Chrome HTTP, and PCI

Josh and Kurt talk about problems of textbook RSA implementations, the upcoming TLS changes in TLS, and the insecurity of http in Chrome.

Feb 13, 2018•30 min•Ep. 82

Episode 81 - Autosploit, bug bounties, and the future of security

Josh and Kurt talk about AutoSploit, bug bounties and fixing flaws, market forces in security, future expectations, and how humans perceive threats.

Feb 07, 2018•32 min•Ep. 81

Episode 80 - GPS tracking and jamming

Josh and Kurt talk about GPS metadata giving away military bases and GPS jamming as part of testing.

Jan 31, 2018•34 min•Ep. 80

Episode 79 - Skyfall: please don't yell 'fire'

Josh and Kurt talk about Skyfall, fake reports, risk, logging, and how a civilized society functions.

Jan 24, 2018•56 min•Ep. 79

Episode 78 - Risk lessons from Hawaii

Josh and Kurt talk about the accidental missile warning in Hawaii. We also discuss general preparedness and risk.

Jan 16, 2018•53 min•Ep. 78

Episode 77 - npm and the supply chain

Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.

Jan 10, 2018•1 hr•Ep. 77

Episode 76 - Meltdown aftermath

Josh and Kurt talk about the aftermath of Meltdown. The details of the flaw are probably less interesting than what happens now.

Jan 07, 2018•51 min•Ep. 76

Episode 75 - Security Planner review

Josh and Kurt talk about the Security Planner website. It's pretty good all things considered.

Dec 19, 2017•1 hr 3 min•Ep. 75

Episode 74 - Facial recognition and physical security

Josh and Kurt talk about facial recognition, physical security, banking, and Amazon Alexa.

Dec 13, 2017•43 min•Ep. 74

Episode 73 - Security from Santa

Josh and Kurt talk about basic security metrics and security from Santa. Is Santa GDPR compliant?

Dec 06, 2017•1 hr 1 min•Ep. 73

Episode 72 - Bitcoin: It's over 9000

Josh and Kurt talk about Bitcoin, blockchain, and other cryptocurrencies.

Nov 28, 2017•53 min•Ep. 72

Episode 71 - GitHub's Security Scanner

Josh and Kurt talk about GitHub's security scanner and Linus' security email. We clarify the esoteric difference between security bugs and non security bugs.

Nov 21, 2017•47 min•Ep. 71

Episode 70 - The security of Intel ME

Josh and Kurt talk about Intel ME, Equifax salary history, and IoT.

Nov 14, 2017•49 min•Ep. 70

Episode 69 - Actionable security advice

Josh and Kurt talk about Amazon Key and actionable advice.

Nov 07, 2017•47 min•Ep. 69

Episode 68 - Ruining the Internet

Josh and Kurt talk about Facebook listening to your microphone, Google Chrome certificate pinning, CAs, 152 ways to stay safe, and Kubernetes.

Nov 01, 2017•52 min•Ep. 68

← Prev Next →

Hosted on Libsyn

For the best experience, listen in Metacast app for iOS or Android