Hi all, this is Josh. It's a new year and it's time for some changes in the open source security world. The open source security podcast is no more. I'll cut to the headline before explaining the motivation for the change. and I have decided it's time to be done with the podcast. It was a great run and we had a blast doing it, but it's time for a change.
Starting in 2025, a new effort I'm calling open source security, there's no podcast in the title, will be launching to cover open source security topics. The focus will be on the work behind development, usage, and news. It's also not going to be just a podcast any longer. If open source powers 80 % of all applications now, why isn't there more real actual security information about how it's being created and used?
Most of the guidance just seems to be security hardware and ad for something someone's doing. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it. They don't have a developer relations team posting on LinkedIn every couple of hours. Let's find those people in teams and then learn what they do and how they do it.
My plan is to start talking to the people of open source, focusing on the real things that do and don't make us all more secure. The goal is to hear from the people doing the work. They know what's up. They have a lot to teach us. Open source didn't win because of marketing. It won because the people do amazing things. We just have to listen, well and also find them, and then convince them to talk to us. The format will also be changing.
All of the discussions will be published as audio podcasts, YouTube videos, and blog posts. not just a text transcript, more like a blog post of actual details of the discussion. Instead of opinion-based discussions about security topics, I want to hear about how open source folks are making things more secure for their particular projects or communities. And lastly, I need your help. The open source people doing this work don't have marketing departments or publicists.
Many are too shy or too humble to reach out. If you know someone I should talk to, please let me know. The contact details are on opensourcesecurity.io. If you just had the thought pop into your brain, but the open source work I'm doing isn't interesting, we should probably have a chat. There are a lot of things happening in the open source universe. If you're doing open source work, even if it's not directly security related, there are security lessons in there for us all. Drop me a note.
As things get started, the release schedule will be a bit random. It'll probably take a few weeks for everything to start moving, but watch this space. Great things are coming. So, why the change? The open source security podcast started back in 2016. The world was very different then. Open source was very different. Podcasting was also very different.
It's time to move away from a show focused on two people talking about general topics and turn it into something that's focused on the people making it all work and how that can help everyone else. Remember, it's 80 % of everything now. We don't need more opinions about open source. We're drowning in opinions about open source. What we need is to hear from the people who have figured it out already. It's a silent group that the modern world is built on top of and they're smart, really smart.
An audio only show isn't the future either. The podcast in 2016 was hard to make happen and video was out of the question unless you had a massive budget. That's not the case anymore. There are more people than ever learning things from YouTube every day. Some people prefer a podcast. I certainly do. And some folks like to read a blog post. Let's go where the people are and give them what they want.
I also think there's something to be said about the independent open source model that's worked for the open source security podcast in the past. There's a lot of money in open source from companies and foundations. And I'm not saying the big companies and foundations aren't doing good work. Goodness knows they are. I mean, they're also doing some things I don't really like, but whatever, that's okay. You can't please everyone.
but their messaging is often focused on things that pay their bills, and rightly so. I want to create a place that can focus on work that might not seem as exciting as something like Kubernetes or SigStore, but's possibly having even more impact. It won't be easy, it's gonna be a lot of work, and things will be chaotic, but I mean, that's okay. This is a topic I care deeply about.
I think this is something the community will benefit from, and the one thing I do know how to do is produce a weekly show. It's time for something new. I'm very excited and I'm very serious that if you know someone I should be talking to, please let me know. All they have to do is show up. I will take care of everything else. I'll talk to you all soon. Bye bye.