
What's in the SOSS? An OpenSSF Podcast

Technology

Episodes

Empowering New Maintainers: Inside the OpenSSF Mentorship Program

17 Mar 2026

Contributed by Lukas

In this episode of What’s in the SOSS? host Sally Cooper sits down with Yesenia Yser, co-lead of the OpenSSF Mentorship Program and the BEAR Working...

The Gemara Project: GRC Engineering Model for Automated Risk Assessment

10 Mar 2026

Contributed by Lukas

Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project....

AIxCC Part 4 – Cyber Reasoning Systems: The Real-World Journey After AIxCC

10 Feb 2026

Contributed by Lukas

In this final episode of our AI Cyber Challenge (AIxCC) series, CRob and Jeff Diecks wrap up the journey from DARPA's groundbreaking two-year com...

AIxCC Part 3 - Buttercup's Hybrid Approach: Trail of Bits' Journey to Second Place in AIxCC

10 Feb 2026

Contributed by Lukas

In the final episode of our AI Cyber Challenge (AIxCC) series, CRob sits down with Michael Brown, Principal Security Engineer at Trail of Bits, to dis...

AIxCC Part 2 - From Skeptics to Believers: How Team Atlanta Won AIxCC by Combining Traditional Security with LLMs

10 Feb 2026

Contributed by Lukas

In this 2nd episode in our series on DARPA's AI Cyber Challenge (AIxCC), CRob sits down with Professor Taesoo Kim from Georgia Tech to discuss Te...

AIxCC Part 1 - From Skepticism to Success: The AI Cyber Challenge (AIxCC) with Andrew Carney

10 Feb 2026

Contributed by Lukas

This episode of What’s in the SOSS features Andrew Carney from DARPA and ARPA-H, discussing the groundbreaking AI Cyber Challenge (AIxCC). The compe...

Demystifying the CFP Process with KubeCon North America Keynote Speakers

03 Feb 2026

Contributed by Lukas

Ever wondered what it takes to get your talk accepted at a major open source tech conference – or even land a keynote slot? Join What’s in the Sau...

Why Marketing Matters in Open Source: Introducing Co-Host Sally Cooper

27 Jan 2026

Contributed by Lukas

In this special episode, the What's in the SOSS podcast welcomes Sally Cooper as an official co-host. Sally, who leads OpenSSF's marketing e...

2025 Year End Wrap Up: Celebrating 5 Years of Open Source Security Impact!

30 Dec 2025

Contributed by Lukas

Join co-hosts CRob and Yesenia for a special season finale celebrating OpenSSF's fifth anniversary and recapping an incredible year of innovation...

Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos

16 Dec 2025

Contributed by Lukas

On this episode of "What's in the SoSS," Yesenia Yser sits down with Justin Cappos, NYU professor and self-described "OG software ...

Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft)

02 Dec 2025

Contributed by Lukas

Jay White, a leader in the open source ecosystem at Microsoft, discusses his journey into open source, focusing on AI and machine learning. He highlig...

SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)

19 Nov 2025

Contributed by Lukas

Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses...

A Deep Dive into the Open Source Project Security (OSPS) Baseline

04 Nov 2025

Contributed by Lukas

In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This bas...

Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader

21 Oct 2025

Contributed by Lukas

In this episode of What’s in the SOSS, host Yesenia Yser sits down with Seth Larson, Security Developer in Residence at the Python Software Foundati...

New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler

16 Oct 2025

Contributed by Lukas

In this episode of “What’s In The SOSS,” Yesenia interviews David A. Wheeler, the Director of Open Source Supply Chain Security at the Linux Fou...

The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io

07 Oct 2025

Contributed by Lukas

In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and...

From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project

23 Sep 2025

Contributed by Lukas

In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional p...

Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts

09 Sep 2025

Contributed by Lukas

The quantum threat is real, and the clock is ticking. With government deadlines set for 2030, organizations have just five years to migrate their cryp...

Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives

26 Aug 2025

Contributed by Lukas

In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in t...

Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

12 Aug 2025

Contributed by Lukas

In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discu...

From Compliance to Community: Meeting CRA Requirements Together

29 Jul 2025

Contributed by Lukas

In this episode of “What's in the SOSS” CRob dives deep into the Erlang ecosystem with Jonatan Männchen (CISO, Erlang Ecosystem Foundatio...

Building India's Open Source Security Community: From Developer Nation to Security Champions

15 Jul 2025

Contributed by Lukas

Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promo...

From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community

01 Jul 2025

Contributed by Lukas

In this episode of What’s in the SOSS? host Yesenia Yser sits down with open source security engineer and community leader Tabatha DiDomenico for an...

Bridging DevOps and Security: Tracy Ragan on the Future of Open Source

17 Jun 2025

Contributed by Lukas

In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the...

Yoda, DEI, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes

03 Jun 2025

Contributed by Lukas

In this enlightening and entertaining episode of What's in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and St...

Cybersecurity Framework Launch

20 May 2025

Contributed by Lukas

In this episode of What's in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde's journey i...

Scaling Security: Inside the GitHub Securing Open Source Software Fund

13 May 2025

Contributed by Lukas

In this episode of What’s in the SOSS?, CRob sits down with Kevin Crosby and Xavier Rene-Corail from GitHub to unpack the GitHub Secure Open Source ...

Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter

06 May 2025

Contributed by Lukas

In this special episode of What’s in the SoSS?, we welcome Stacey Potter, the new Community Manager at the Open Source Security Foundation (OpenSSF)...

Secure Software Starts with Awareness: Education & Open Source with the Council of Daves

22 Apr 2025

Contributed by Lukas

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red ...

Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF

15 Apr 2025

Contributed by Lukas

In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader w...

JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale

08 Apr 2025

Contributed by Lukas

Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining ...

Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding

25 Mar 2025

Contributed by Lukas

In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Y...

OpenSSF 2025 MVVSR Overview

11 Mar 2025

Contributed by Lukas

CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler,...

Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain

07 Jan 2025

Contributed by Lukas

CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They di...

Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects

17 Dec 2024

Contributed by Lukas

In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and mainten...

Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security

10 Dec 2024

Contributed by Lukas

In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source softwa...

Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security

26 Nov 2024

Contributed by Lukas

CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at GitHub, a member ...

Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents

12 Nov 2024

Contributed by Lukas

In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the...

Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer”

29 Oct 2024

Contributed by Lukas

In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with...

Intel’s Katherine Druckman and the Impact of Developer Relations

15 Oct 2024

Contributed by Lukas

In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair...

Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level

01 Oct 2024

Contributed by Lukas

In this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application ...

Bidding Adieu to Omkhar Arasaratnam

17 Sep 2024

Contributed by Lukas

In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As ...

CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source

10 Sep 2024

Contributed by Lukas

Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay Wh...

GitHub’s Mike Hanley and Transforming the “Dept. of No” Into the "Dept. of Yes, And…”

03 Sep 2024

Contributed by Lukas

In this episode, Omkhar chats with Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President ...

CISA's Aeva Black and the Public Sector View of Open Source Security

27 Aug 2024

Contributed by Lukas

In this episode, Omkhar Arasaratnam visits with Aeva Black, who currently serves as the Section Chief for Open Source Security at CISA, and is an open...

Google’s Andrew Pollock and Addressing Open Source Vulnerabilities

13 Aug 2024

Contributed by Lukas

Andrew Pollock is a Senior Software Engineer at Google, currently working on https://osv.dev. With a background as an Enterprise ...

Rust Foundation’s Bec Rumbul and Succeeding as a “Non-Techie” in a Tech-Heavy Industry

30 Jul 2024

Contributed by Lukas

Bec Rumbul is the Executive Director and CEO of the Rust Foundation, a global non-profit that stewards the Rust language, supports maintainers, and en...

Sonatype’s Brian Fox and the Perplexing Phenomenon of Downloading Known Vulnerabilities

16 Jul 2024

Contributed by Lukas

Brian Fox is Co-founder and Chief Technology Officer at Sonatype, bringing over 28 years of hands-on experience driving software development for organ...

Arun Gupta and Giving Back to Security Communities

02 Jul 2024

Contributed by Lukas

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation and the OpenSSF Governing Board Chair. Arun has be...

Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX

18 Jun 2024

Contributed by Lukas

The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Vey...

A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?

11 Jun 2024

Contributed by Lukas

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. He also serves as the OpenSSF’s...

OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security

04 Jun 2024

Contributed by Lukas

Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with tea...

Eric Brewer and the Future of Open Source Security

21 May 2024

Contributed by Lukas

In this episode, Omkhar talks to Eric Brewer, professor emeritus of computer science at the University of California, Berkeley and vice president of i...

Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security

07 May 2024

Contributed by Lukas

In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s clou...

Christoph Kern and the Challenge of Keeping Google Secure

23 Apr 2024

Contributed by Lukas

In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph he...

Vincent Danen and the Art of Vulnerability Management

11 Apr 2024

Contributed by Lukas

Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red ...

What's in the SOSS? Preview

26 Mar 2024

Contributed by Lukas

Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management e...