In this episode of InTechnology, Camille gets into open source with guest Jim Zemlin, Executive Director of The Linux Foundation, and co-host Melissa Evers, Vice President of the Software and Advanced Technology Group at Intel. They talk about the use of generative AI and LLMs with open-source software, the AI Alliance, the Open Source Security Foundation, the ever-changing threat landscape, AI tools for open-source security, security standards, and much more. The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.
More organizations worried about cybersecurity are turning to software bills of material (SBOMs). Getting them from software suppliers as a matter of compliance is one thing. Gaining cybersecurity intelligence from them is another. For advice, Federal Drive host Tom Temin talked with the General Manager of the Open Source Security Foundation, Omkhar Arasaratnam.
The United States has launched a competition for developing artificial intelligence (AI) to find and fix security issues in U.S. government infrastructure. Anne Neuberger is the U.S. government's deputy national security advisor for cyber and emerging technology. She told Reuters news agency, "Cybersecurity is a race between offense and defense." She said bad actors are already using AI to identify weaknesses in systems and to build malicious software.
A number of U.S. organizations, in healthcare, manufacturing and government, have been targets of hacking in recent years. Officials have warned about such threats, especially from foreign actors. Canada's cybersecurity chief Sami Khoury made similar comments last month. He said his agency had seen AI being used for everything from creating phishing emails and writing malicious computer code to spreading disinformation. The White House said the two-year competition includes around $20 million in awards. The Defense Advanced Research Projects Agency (DARPA) will lead the competition. DARPA is the U.S. government body in charge of creating technologies for national security.
The technology companies Google, Anthropic, Microsoft, and OpenAI will make their systems available for the competition, the government said. The event signals official attempts to deal with an emerging threat that experts are still trying to fully understand. In the past year, U.S. businesses have launched a number of generative AI tools such as ChatGPT. These tools permit users to create videos, images, texts, and computer code. Chinese companies have launched similar tools. Experts say such tools could make it far easier to carry out large hacking campaigns or create false identities on social media to spread lies and propaganda.
Neuberger said the goal of the DARPA AI competition is to build a larger community of cyber defenders who use AI to help increase America's cyber defenses. The Open Source Security Foundation, a group of experts trying to improve open source software security, will also be involved in the competition. It will make sure the "winning software code is put to use right away," the U.S. government said.
The OpenSSF is doing invaluable work for the cybersecurity community. And their new managing director happens to be Omkhar Arasaratnam, whose appearance on the show a while back created one of our most popular episodes ever! Omkhar is back to talk about the OpenSSF: What is the OpenSSF and how does it relate to the Linux Foundation? What is the organization's mission? What is the organization's vision? What exciting projects are taking place (and a sneak peek about some upcoming announcements at Black Hat!)? What mark do you want to leave on the OpenSSF as Managing Director? Omkhar is an expert in DevOps and CI/CD. He is an expert in security. His passion is supply chain security. You can see where all of this can come together in his new role and make amazing things happen for your industry. Y'all enjoy, and y'all be good now!
You are now at the Open Source Security Foundation - but you have a ton of experience (even as a former IBMer) from Google, to JPMorgan, and financial institutions through architecture, management, and engineering. Can you talk a little bit about your leadership journey? Let's dig into OpenSSF a bit more - we're only seeing an increase in software supply chain attacks - what is driving the OpenSSF and any particular threats you're concerned with at the moment? We know the OpenSSF has focused heavily on securing OSS and the ecosystem and even launched the OSS Security Mobilization Plan. Are you able to talk a bit about that plan and what it hopes to accomplish? OpenSSF is obviously one of several organizations such as OWASP and others helping to provide valuable resources to the industry to tackle these challenges. Are you able to speak about any active collaborations with other organizations or institutions, academia etc. or how organizations can look to collaborate with the OpenSSF? You are also a Fellow at the Center for Cybersecurity at the NYU Tandon school. Both Chris and I are also Fellows (at different organizations) - can you talk a little bit about what a Fellow does and how you got involved? Where can organizations really start though? With so many vulnerabilities, libraries, dependencies, and managing software and infrastructure, it is incredibly cumbersome for organizations to get a handle on what to work on first. Where do software teams start? Coming off of Father's Day, I noticed your LinkedIn tagline leads with Dad and Husband. How have you found success in balancing those critical roles and responsibilities while still pursuing your professional endeavors and aspirations? What does cyber resiliency mean to you?
Evaluating security risk associated with open source software projects can be a complex or even daunting task, but an Open Source Security Foundation project called OpenSSF Scorecard helps put some order and automation into the process. In this episode, we chat with one of OpenSSF Scorecard's contributors, Brian Russell of Google, and Ryan Ware, Director of Open Source Security at Intel, about the problems Scorecard addresses, and how it might help improve the experience of developers and consumers of open source software. We'll take a deep dive into the automated security checks, how to use the data, and how to include Scorecards in a workflow. Links SCaLE 20x presentation: How do you trust your open source software? Guests: Brian Russell is a Product Manager on Google's Open Source Security Team. He focuses on software supply chain security and is actively involved in the OpenSSF Scorecards project. In his spare time, Brian enjoys 3D printing and Atari video game programming. Ryan Ware recently returned to Intel to focus on Open Source Software (OSS) security. He is currently helping drive Intel's efforts in the Open Source Security Foundation (OpenSSF). Ryan is an industry veteran who has always worked at the intersection of open source software and security, be it implementing security features in open source software stacks, using open source software to find security vulnerabilities in software and hardware, or helping teams utilize OSS in a secure way.
What is confidential computing? Learn about protecting data in use with confidential computing powered by open source software with two people working at the forefront of this technology through open collaboration within the Confidential Computing Consortium. Dan Middleton, a principal engineer at Intel, and Dave Thaler, a software architect at Microsoft, share their work with Confidential Computing and their efforts to further this technology via the Confidential Computing Consortium. Learn about confidential computing, the problems it solves, and how you can get involved. Guests: Dan Middleton is a Principal Engineer with over 20 years at Intel. He has been privileged to develop and release products in emerging areas including SaaS, Computational Imaging, Blockchain, and Confidential Computing. As an open source leader, he has represented Intel in projects including the Confidential Computing Consortium, The Open Source Security Foundation, CNCF CoCo, and Hyperledger. Dan currently leads Confidential Computing pathfinding in IPAS/S3 (Security Software and Services). Dan is currently the Chair of the CCC's Technical Advisory Council. Dave Thaler is a Software Architect at Microsoft, where he works on open source and standards, including Confidential Computing. Dave has over 25 years of standards body experience and currently chairs the IETF group on Software Update for IoT, and is a member of the Confidential Computing Consortium's Technical Advisory Council which he previously chaired for 3 years. He also previously served as a member of the Internet Architecture Board (IAB) for 11 years.
Doc Searls and Simon Phipps talk with Brian Behlendorf, one of the original authors of Apache, about his new gig at the Open Source Security Foundation, plus the many challenges of decentralization, as well as the challenges of getting governments to care about open source. Another great discussion on FLOSS Weekly. Hosts: Doc Searls and Simon Phipps Guest: Brian Behlendorf Download or subscribe to this show at https://twit.tv/shows/floss-weekly
Picture of the Week. DoD DIB-VDP Pilot Overview. The OpenSSF and the Package Analysis project. Connecticut moves toward state privacy protections. Closing The Loop. Global Privacy Control. We invite you to read our show notes at https://www.grc.com/sn/SN-869-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now.
On Security Now, Leo Laporte and Steve Gibson discuss the relatively new OpenSSF - Open Source Security Foundation - and its Package Analysis Project. For more, check out Security Now: https://twit.tv/sn/869 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
The hack of Beanstalk is just the latest major compromise of a decentralized finance (DeFi) platform. In this podcast, Jennifer Fernick of NCC Group joins me to talk about why DeFi's security woes are much bigger than Beanstalk. The post Episode 237: Jacked on the Beanstalk – DeFi's Security Debt Runs Wide, Deep appeared first on The Security Ledger with Paul F. Roberts.
In this episode we answer your questions then explain the latest vulnerability in Linux!
-- During The Show --
00:50 Steve's Week
  iSCSI targets
01:50 Charlie asks about Liquid Sensor
  12V Liquid Level Sensor Switch Relay Module (https://www.aliexpress.com/item/1005003118991336.html)
  Very DIY
05:20 Contact Sensors and Home Assistant Feedback - The Linux Trucker
  Moved to ESPHome
  ESPHome (https://esphome.io/) vs Tasmota (https://tasmota.github.io/docs/)
  Nextion Screens (https://nextion.tech/)
  Tasmotizer (https://github.com/tasmota/tasmotizer)
11:15 Experience from a Data Center - Ronald
  Rack ATS (https://www.apc.com/shop/us/en/products/RACK-ATS-230V-16A-C20-IN-8-C13-1-C19-OUT/P-AP4423)
  iLO = Energy Vampire
  Flashable Smart Plugs (http://www.amazon.com/dp/B09JZDSLNC/?tag=minddripmedia-20)
17:40 Containers & Home Assistant questions - Tyler
  Docker vs Podman
  Containerized UniFi Controller
  Home Assistant Core and Supervisor
  Home Assistant Backup/Migration
  Code Ready Containers (https://developers.redhat.com/products/codeready-containers/overview)
  Single Node OpenShift (https://upstreamwithoutapaddle.com/blog%20post/2022/01/16/Let-It-Sno.html)
24:40 Keith suggestion for the show
  Show for electricians going opensource?
  Please write back in!
27:50 Baby Monitor Feedback - Ciaran
  IR Light Exposure
29:45 Pick of the Week
  MD-to_PDF (https://www.npmjs.com/package/md-to-pdf)
  Markdown to PDF on the CLI
  cat file.md | md-to-pdf > path/to/output.pdf
32:43 Steve - WikiJS
  Wiki.JS (https://docs.requarks.io/)
  Markdown Wiki
  WYSIWYG Editor
36:09 News Wire
  Rocket Chat and Nextcloud (https://news.itsfoss.com/rocket-chat-nextcloud-collaboration/)
  AMDGPU Linux Driver Update (https://wccftech.com/amdgpu-linux-driver-update-allows-multiple-users-across-several-engines-to-execute-simultaneously/)
  Wii U Linux Patches (https://www.phoronix.com/scan.php?page=news_item&px=Wii-U-March-2022-Linux)
  CVE-2022-0492 High-Severity Container Escape Vulnerability: Unit 42 (https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/), Hacker News (https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html)
  Dirty Pipe (https://www.zdnet.com/article/dirty-pipe-linux-vulnerability-discovered-fixed/)
  Package Typo Squatting (https://www.computing.co.uk/news/4045953/researchers-warn-malicious-typosquatting-packages-open-source-repositories)
  Open Source Security Foundation gains 23 New Members (https://venturebeat.com/2022/03/01/the-open-source-security-foundation-gains-support-from-huawei-spotify-and-23-new-organizations/)
  LISH and OpenSSF List Top 1000 Libraries: ZDnet (https://www.zdnet.com/article/the-top-1000-open-source-libraries/), DevOps.com (https://devops.com/linux-foundation-lists-top-open-source-libraries/)
  Steam Survey (https://www.phoronix.com/scan.php?page=news_item&px=Steam-Survey-February-2022)
  PolyCoder (https://venturebeat.com/2022/03/04/researchers-open-source-code-generating-ai-they-claim-can-beat-openais-codex/)
  Armbian 22.02 Released (https://www.theregister.com/2022/03/03/armbian_project_releases_version_2202/)
  Nitrux 2.0.1 (https://9to5linux.com/nitrux-2-0-1-switches-to-mesa-22-1-by-default-for-linux-gaming-ships-with-kde-plasma-5-24-lts)
  Budgie 10.6 Released (https://github.com/BuddiesOfBudgie/budgie-desktop/releases/tag/v10.6)
38:00 C Groups Vulnerability
  Containers Basics
  CVE-2022-0492 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0492)
  How it works
  SELinux and AppArmor Protect you
  Network Name Spaces
  Learn SELinux (Do Not Shut it off)
  Permissive Mode
  Who is at risk
  Linux Name Spaces (https://www.redhat.com/sysadmin/7-linux-namespaces)
  PID Name Space (https://www.redhat.com/sysadmin/pid-namespace)
  UTS Name Space (https://www.redhat.com/sysadmin/uts-namespace)
  Mount Name Spaces (https://www.redhat.com/sysadmin/mount-namespaces)
  Building Container Name Spaces (https://www.redhat.com/sysadmin/building-container-namespaces)
  CGroups Series: Part 1 (https://www.redhat.com/sysadmin/cgroups-part-one), Part 2 (https://www.redhat.com/sysadmin/cgroups-part-two), Part 3 (https://www.redhat.com/sysadmin/cgroups-part-three), Part 4 (https://www.redhat.com/sysadmin/cgroups-part-four)
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/276)
Special Guest: Steve Ovens.
Brian Behlendorf is the General Manager of the Open Source Security Foundation. Brian has dedicated his career to connecting and empowering the free software and open source community to both solve difficult technology problems and have a positive impact on society. From startup company founder, to advisor to the U.S. government, to non-profit board member and employee of the World Economic Forum, he's been at the forefront of the open source software revolution. Join hosts Luke Schantz and Joe Sepi as they get Brian's take on the latest open source software developments. As the recent Log4J vulnerability has shown, open source software is not immune to security breaches and attack. Brian shares his views on the Log4J scramble, his recent White House meetings on software security, the costs of security and threat mitigation, and future challenges and opportunities in open source software. Join us for a look back at Brian Behlendorf's unique career and see what's next for him and the movement he helped launch, this time on In the Open with Luke & Joe.
Links:
Brian Behlendorf bio: https://en.wikipedia.org/wiki/Brian_B...
Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble: https://openssf.org/blog/2021/12/16/o...
Open Source @ IBM: https://www.ibm.com/opensource/
IBM Open Source featured projects: https://www.ibm.com/opensource/open-p...
Josh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job explaining how the OpenSSF works and what the 6 working groups are doing. The working groups are (in no particular order): Identifying Security Threats, Security Tooling, Best Practices, Vulnerability Disclosures, Digital Identity Attestation, Securing Critical Projects.
Show Notes:
David A Wheeler
Episode 14 – David A Wheeler: CII Badges
Sigstore joins the OpenSSF
OpenSSF Technical Working Groups
NPM requires MFA
LISH
Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks