Episodes drop biweekly featuring the sharpest minds in security as they dive into challenges and opportunities that create a recipe for success in making software more secure.
WASHINGTON — June 18, 2024 — The Open Source Security Foundation (OpenSSF) has launched a new podcast titled “What’s in the SOSS?” With biweekly episodes, the series explores the world of secure open source software, delivering insights from industry leaders and innovators.
“Open source software is the foundation of the modern world. Never before has the conversation about securing it been more relevant and significant,” said Omkhar Arasaratnam, OpenSSF general manager. “We hope to elevate important voices in the industry and give our supporters a new, simple way to consume insights and best practices they can carry with them into their own work.”
Arasaratnam is one of the podcast’s hosts. A seasoned technology leader and open source security supporter with 25+ years of experience, he has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. Arasaratnam is a former security and engineering leader for global organizations, including Google, JPMorgan Chase, IBM and others. He is also an accomplished author and has led contributions to many international standards. He serves as an NYU Cyber Fellow Advisory Council member and applied cryptography guest lecturer and is a senior fellow with the NYU Center for Cybersecurity.
Christopher Robinson, OpenSSF Technical Advisory Committee chair and Intel’s director of security communications, will alternate as host with Arasaratnam. Known in the OpenSSF community as “CRob,” he brings 25 years of enterprise-class engineering, architectural, operational and leadership experience, having worked at several Fortune 500 companies across the financial, medical, legal, and manufacturing verticals. He was recently recognized as the Community Engagement Winner as part of OpenSSF’s Golden Egg Awards for his significant contributions to various working groups, input on community guides, and invaluable expertise shared with OpenSSF and beyond.
“We want to highlight the great work being done in OpenSSF projects and within the Linux Foundation and share how the community is working to support the security of the ecosystem,” Robinson said. “Listeners will hear from organizations sharing their success stories and we’ll have a lot of amazing content featuring insightful people who are contributors to the community.”
What’s in the SOSS? – Exploring Open Source Security
Each episode will be packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software on which the world depends. Conversations will delve into the most pressing issues in open source security while also exploring the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Arasaratnam and Robinson will be joined by the sharpest minds in security as they dig into challenges and opportunities that create a recipe for success in making software more secure.
Here’s a taste of what you can expect from “What’s in the SOSS?”:
Vincent Danen and the Art of Vulnerability Management — Vincent Danen, vice president of product security at Red Hat, discusses the Heartbleed Bug and offers advice on how to address vulnerability management and the importance of trusting your vendors.
Christoph Kern and the Challenge of Keeping Google Secure — Christoph Kern, principal software engineer in Google’s Information Security Engineering organization, discusses Google’s approach to security, why memory safety is important and how to stop “stubborn vulnerabilities.”
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security — Mark Russinovich, CTO of Microsoft Azure, discusses AI and its impact on enterprises, the good and bad of AI hallucinations and the promise of more secure open source software via AI.
Omkhar Arasaratnam + Christopher Robinson Talk What’s in the SOSS? — Hosts discuss writing “post-bang” code, the evolution of open source and what lessons corporate and open source developers can learn from each other.
Stacklok’s Adolfo García Veytia Digs Into SBOMs and VEX – In CRob’s first hosted episode of the “What’s in the SOSS?” podcast, Adolfo García Veytia from Stacklok delves into the intricacies of SBOMs and VEX, sharing valuable insights and advice for both developers and security professionals.
Check out other podcast episodes and subscribe to “What’s in the SOSS?” on your favorite platform: Spotify, Apple Podcasts, Amazon Music, and more.
About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at openssf.org.
Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com