Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/CD systems like long wait times, security vulnerabilities, and centralized infrastructure limitations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-ambient-radicle-lars-wirzenius/
--------
27:27
FIDO authentication with William Brown
William Brown tells us all about how confusing and complicated the FIDO authentication universe is. He talks about everything from WebAuthn implementation challenges to flaws in the FIDO metadata service that affect how hardware tokens are authenticated. The conversation covers the spectrum of hardware security key quality, attestation mechanisms, and the barriers preventing open source developers from improving industry standards despite their expertise. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/
--------
29:26
CRA with Luis Villa
In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining why the CRA represents both a challenge and an opportunity for the open source ecosystem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-CRA_luis_villa/
--------
25:46
Open Source Malware with Brian Fox
Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording, there are over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others, how behavioral detection methods can identify suspicious packages, and why this problem is so challenging to solve. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-oss_malware_brian_fox/
--------
30:18
Open Source Foundations with Kelley Misata of Suricata
In this episode, Open Source Security talks to Dr. Kelley Misata about the Open Information Security Foundation (OISF). The way OISF is managing Suricata through a foundation is super interesting. There are a lot of lessons in this one for both open source projects and existing open source foundations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-oss_foundations_kelley_misata/
Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform to educate both developers and users on how open source security works.
There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it and no developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams, then learn what they do and how they do it. The goal is to hear from the people doing the work. They know what’s up, and they have a lot to teach us. We just have to listen.