Free Daily Podcast Summary
What's in the SOSS? An OpenSSF Podcast: Daily Summaries Delivered
by OpenSSF
Get key takeaways, quotes, and insights from What's in the SOSS? An OpenSSF Podcast in a 5-minute read. Delivered straight to your inbox.
Latest Episodes
The most recent episodes — sign up to get AI-powered summaries of each one.
- 1 weeks ago19 min
Packaging, Transferring, and Deploying Software in Air-Gapped Environments with Zarf
Host Sally Cooper is joined by Brandt Keller, a staff software engineer at Defense Unicorns and maintainer of the OpenSSF sandbox project, Zarf. Brandt discusses Zarf's origins as a tool designed to reliably package, transfer, and deploy software components (like container images and Helm charts) specifically for critical, air-gapped environments that lack internet connectivity. The conversation explores Zarf's evolution, highlighting its current role in introducing security gates, improving ...
- Apr 7, 202629 min
Big Thoughts, Open Sources Inaugural Episode: Beyond the Hype: Brian Fox on Securing the Agentic Future of Open Source
In this inaugural episode of Big Thoughts and Open Sources, host Crob sits down with Brian Fox, Co-founder and CTO of Sonatype, to dissect the friction between rapid AI adoption and foundational software security. Brian shares insights from the 11th annual State of the Software Supply Chain Report, revealing the emergence of "slop squatting" and the high frequency of AI models recommending non-existent or vulnerable dependencies. The conversation explores how the Model Context Protocol (MCP) ...
- Mar 24, 202625 min
From Noise to Signal: Security Expertise and Kusari Inspector with Mike Lieberman
In this episode, CRob talks with Mike Lieberman from Kusari about the current state of open source security. They discuss the growing burden on maintainers from the "deluge" of noisy, low-quality vulnerability reports, often generated by AI tools, and the vital role of "a human in the loop." Mike introduces Kusari's tool, Inspector, explaining how it uses codified security expertise to process data from tools like OpenSSF Scorecard and SLSA, effectively filtering out false positives and givin...
- Mar 17, 202622 min
Empowering New Maintainers: Inside the OpenSSF Mentorship Program
In this episode of What’s in the SOSS? host Sally Cooper sits down with Yesenia Yser, co-lead of the OpenSSF Mentorship Program and the BEAR Working Group, and Kairo De Araujo, Open Source Software Engineer and mentor for rstuf. They dive into the success of the OpenSSF Mentorship Program, which focuses on bringing underrepresented voices into software security. Kairo shares an incredible outcome from the last cycle – where two out of three mentees became project maintainers – while Yesenia d...
- Mar 10, 202617 min
The Gemara Project: GRC Engineering Model for Automated Risk Assessment
Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project. Gemara, an acronym for GRC Engineering Model for Automated Risk Assessment, is a seven-layer logical model that aims to solve the problem of incompatibility in the GRC (Governance, Risk, and Compliance) stack. By outlining a separation of concerns, the project seeks to enable engineers to build secure and compliant systems without needing to be...
- Feb 10, 202617 min
AIxCC Part 4 – Cyber Reasoning Systems: The Real-World Journey After AIxCC
In this final episode of our AI Cyber Challenge (AIxCC) series, CRob and Jeff Diecks wrap-up the journey from DARPA's groundbreaking two-year competition to the exciting collaborative phase happening now. Discover how winning teams are taking their AI-powered vulnerability detection systems into the real world, finding actual bugs in projects like the Linux kernel and CUPS. Learn about the innovative OSS-CRS project that aims to create a standard infrastructure for mixing and matching the bes...
- Feb 10, 202623 min
AIxCC Part 3 - Buttercup's Hybrid Approach: Trail of Bits' Journey to Second Place in AIxCC
In the final episode of our AI Cyber Challenge (AIxCC) series, CRob sits down with Michael Brown, Principal Security Engineer at Trail of Bits, to discuss their runner-up cybersecurity reasoning system, Buttercup. Michael shares how their team took a hybrid approach - combining large language models with conventional software analysis tools like fuzzers - to create a system that exceeded even their own expectations. Learn how Trail of Bits made Buttercup fully open source and accessible to ru...
- Feb 10, 202628 min
AIxCC Part 2 - From Skeptics to Believers: How Team Atlanta Won AIxCC by Combining Traditional Security with LLMs
In this 2nd episode in our series on DARPA's AI Cyber Challenge (AIxCC), CRob sits down with Professor Taesoo Kim from Georgia Tech to discuss Team Atlanta's journey to victory. Kim shares how his team - comprised of academics, world-class hackers, and Samsung engineers - initially skeptical of AI tools, underwent a complete mindset shift during the competition. He shares how they successfully augmented traditional security techniques like fuzzing and symbolic execution with LLM capabilities ...
Get What's in the SOSS? An OpenSSF Podcast summaries in your inbox
Free AI-powered daily recaps. Key takeaways, quotes, and mentions — in a 5-minute read.
Get Free Summaries →Free forever for up to 3 podcasts. No credit card required.
You Might Also Like
Listeners also like.
Open Source Security
Josh Bressers
Application Security Weekly (Audio)
Security Weekly Productions
The Security Podcast of Silicon Valley
YSecurity
CISO Stories Podcast (Audio)
SC Media
Secure AF - A Cybersecurity Podcast
Alias Cybersecurity
CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
ISF Podcast
Information Security Forum Podcast
Open Source Startup Podcast
Robby (MTF); Tim (Essence VC)
The OSINTion
The OSINTion
Tales From The SOC
Tales From The SOC
The OWASP Podcast Series
The OWASP Podcast Series
Enterprise Security Weekly (Audio)
Security Weekly Productions
About What's in the SOSS? An OpenSSF Podcast
What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source software (SOSS) and explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode of What's in the SOSS? is packed with valuable insight designed to foster collaboration and promote stronger security practices for the open source software community.About Christopher Robinson (aka CRob), hostCRob is a 43rd level Dungeon Master and a 26th level Securityologist. He is a leader within several Open Source Security Foundation (OpenSSF) efforts and is a frequent speaker on cyber, application, and open source security. He enjoys hats, herding cats, and moonlit walks on the beach.
Customized Recaps
AI-powered recaps with compact key takeaways, quotes, and insights.
Straight to Your Inbox
Get key takeaways from What's in the SOSS? An OpenSSF Podcast in a 5-minute read.
Save Hours Every Week
Stay current on your favorite podcasts without falling behind.
Frequently Asked Questions
What is Podzilla's What's in the SOSS? An OpenSSF Podcast daily summary?
It's a free AI-powered email that summarizes new episodes of What's in the SOSS? An OpenSSF Podcast as soon as they're published. You get the key takeaways, notable quotes, and links & mentions — all in a quick read.
How does the What's in the SOSS? An OpenSSF Podcast podcast summary work?
When a new episode drops, our AI transcribes and analyzes it, then generates a personalized summary tailored to your interests and profession. It's delivered to your inbox every morning.
Is this an official What's in the SOSS? An OpenSSF Podcast product?
No. Podzilla is an independent service that summarizes publicly available podcast content. We're not affiliated with or endorsed by OpenSSF.
Can I get summaries of other podcasts too?
Absolutely! The free plan covers up to 3 podcasts. Upgrade to Pro for 15, or Premium for 50. Browse our full catalog at /podcasts.
How often does What's in the SOSS? An OpenSSF Podcast release new episodes?
What's in the SOSS? An OpenSSF Podcast publishes biweekly. Our AI generates a summary within hours of each new episode.
What topics does What's in the SOSS? An OpenSSF Podcast cover?
What's in the SOSS? An OpenSSF Podcast covers topics including Technology. Our AI identifies the specific themes in each episode and highlights what matters most to you.
Start getting What's in the SOSS? An OpenSSF Podcast summaries tomorrow morning.
Free forever for up to 3 podcasts. No credit card required.
Free forever for up to 3 podcasts. No credit card required.