Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security

What's in the SOSS? An OpenSSF Podcast

Player FM - Internet Radio Done Right

Đã thêm cách đây một năm

Nội dung được cung cấp bởi OpenSSF. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được OpenSSF hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

The Final Flight of Captain Forrester

1
The Final Flight of Captain Forrester 4:38

cách đây 8 ngày trước4:38

Nghe Sau

Danh sách

Thích

Đã thích

4:38

A woman’s search for her father—a pilot who disappeared during a mission in Vietnam—collides with the fight over what we owe those who never returned from war. From the producers of "America's Girls" and "Tom Brown's Body," and hosted by Texas Monthly writer Josh Alvarez, the show debuts April 2025. Texas Monthly Audio subscribers get early access to the show, plus bonus episodes and more subscriber-only audio. Visit texasmonthly.com/audio to learn more.…

cách đây khoảng một năm trước 17:29

MP3•Trang chủ episode

In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books.

00:36 - Mark on his role at Azure
01:30 - Where AI is headed and its impact on enterprises
04:06 - The task of teaching a machine learning model to unlearn Harry Potter
06:32 - The good and bad of AI hallucinations
10:35 - The promise of more secure open source software via AI
13:05 - Mark answers Omkhar’s “rapid-fire” questions: mild or spicy food, Vim, Emacs or VS Code and tabs or spaces
15:01 - Why aspiring software engineers should still learn to code

Episode links:

29 tập

#Tech #Omkhar Arasaratnam, Open SSF #Omkhar Arasaratnam #Open SSF

Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security

What's in the SOSS? An OpenSSF Podcast

published cách đây khoảng một năm trước

Chia sẻ

MP3•Trang chủ episode

00:36 - Mark on his role at Azure
01:30 - Where AI is headed and its impact on enterprises
04:06 - The task of teaching a machine learning model to unlearn Harry Potter
06:32 - The good and bad of AI hallucinations
10:35 - The promise of more secure open source software via AI
13:05 - Mark answers Omkhar’s “rapid-fire” questions: mild or spicy food, Vim, Emacs or VS Code and tabs or spaces
15:01 - Why aspiring software engineers should still learn to code

Episode links:

29 tập

#Tech #Omkhar Arasaratnam, Open SSF #Omkhar Arasaratnam #Open SSF

Tất cả các tập

What's in the SOSS? An OpenSSF Podcast

1
Secure Software Starts with Awareness: Education & Open Source with the Council of Daves 24:46

cách đây 17 hours trước24:46

24:46

In this episode of What’s in the SOSS, host CRob is joined by the “Council of Daves” - Dr. David Wheeler of the OpenSSF and Dave Russo from Red Hat — for a deep dive into the intersection of secure software development and education. From their open source origin stories to the challenges of educating developers and managers alike, this conversation covers key initiatives like the LFD121 course, upcoming resources on the EU Cyber Resilience Act, and how AI is shifting the landscape. Whether you're a developer, manager, or just open source curious, this is your crash course in why security training matters more than ever. 📚 Episode Chapters: Intro & Meet the Council of Daves (0:16) Open Source Origin Stories (1:22) The Role of the Education SIG (4:05) Why Secure Software Education Is Critical (6:30) Inside the LFD121 Secure Development Course (8:01) Training Managers on Secure SDLC Practices (12:24) Why AI Makes Education More Important, Not Less (13:53) What’s Next in Security Education: CRA 101 and More (16:04) Rapid Fire Round: VI vs. EMACS, Tabs or Spaces & Mascots (20:20) Final Thoughts & Call to Action (22:04) Episode links: Dave Russo LinkedIn David Wheeler LinkedIn OpenSSF Free Training : LFD121: Developing Secure Software LFD125: Security for Software Development Managers LFEL1001: Understanding the EU Cyber Resilience Act (CRA) Get involved with the OpenSSF Subscribe to the OpenSSF Newsletter Follow the OpenSSF on LinkedIn…

What's in the SOSS? An OpenSSF Podcast

1
Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF 11:25

cách đây 8 ngày trước11:25

11:25

In this episode of What’s in the SOSS, we sit down with the OpenSSF’s new General Manager, Steve Fernandez — a seasoned enterprise tech leader whose resumé spans giants like L’Oréal, Coca-Cola, AIG, and Ford. Steve shares his “origin story,” what drew him into the world of open source, and how his decades of experience as a consumer of open source software are shaping his vision for the Foundation. 00:21 Welcome & Introductions 00:57 Steve’s Tech Journey 03:13 Why OpenSSF? 05:02 The Role of Security & Strategic Vision 08:17 Rapid Fire & Final Thoughts…

What's in the SOSS? An OpenSSF Podcast

1
JavaScript's Big Footprint: Robin Bender Ginn on Leading OpenJS and Open Source at Scale 17:49

cách đây 15 ngày trước17:49

17:49

Robin Bender Ginn, Executive Director of the OpenJS Foundation, joins us to talk about JavaScript’s massive footprint, the challenges of sustaining critical open source projects, and the importance of security in the web ecosystem. She shares her journey, insights on community-led development, and how OpenJS is building a healthier future for the JavaScript ecosystem. Learn more and register for JSConf North America: https://events.linuxfoundation.org/jsconf-north-america/register/…

What's in the SOSS? An OpenSSF Podcast

1
Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding 17:18

cách đây 29 ngày trước17:18

17:18

In this inspiring episode of "What's in the SOSS?", we welcome our new Co-Host, cybersecurity expert and open source advocate Yesenia Yser. Join hosts CRob and Yesenia as they delve into her compelling journey from discovering open source at Red Hat to pioneering AI security at Microsoft. Learn how Yesenia blends her passion for cybersecurity, Brazilian jiu-jitsu, and empowering communities—especially women—to shape her personal brand and advocacy efforts. Don't miss this lively conversation full of actionable insights for anyone interested in cybersecurity, open source communities, and personal growth. Episode Highlights: 00:18 – Introduction to Yesenia Yser 00:55 – Yesenia's open source origin story 03:30 – From cybersecurity professional to jiu-jitsu practitioner 05:56 – Building a personal brand in tech and beyond 09:04 – Advocating diversity in tech through the BEAR group 12:40 – Fun rapid-fire round (VI or Emacs, Coke or Pepsi, favorite open source mascot, spicy vs. mild food, and more) 13:52 – Yesenia joins as new co-host of "What's in the SOSS?" 15:39 – Advice for breaking into open source and cybersecurity Connect with Yesenia: Yesenia Yser on LinkedIn The Lioness Instincts Get Involved with the OpenSSF: Subscribe to the OpenSSF newsletter Join the OpenSSF an upcoming Community Day Watch BEAR Community Office Hours on YouTube…

What's in the SOSS? An OpenSSF Podcast

1
OpenSSF 2025 MVVSR Overview 26:56

cách đây 6 weeks trước26:56

26:56

CRob is joined by Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair, and Zach Steindler, Principal Engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group to discuss the key lessons learned from open source security in 2024, the importance of the MVVSR (Mission, Vision, Values, Strategy, and Roadmap) framework, and the exciting initiatives planned for 2025. They highlight the growing reliance on open source, the challenges of dependency vulnerabilities, and the need for better security practices in the industry. Chapters: 03:29 Key Lessons from Open Source Security in 2024 08:29 MVSR: Mission, Vision, Strategy, and Roadmap 13:41 Importance of Strategy and Roadmap in OpenSSF 17:48 Roadmap Items for Community Collaboration 20:02 Key Resources and Courses for Developers 22:09 Exciting Opportunities Ahead for 2025 Episode links: Arun’s Linkedin Zach’s Linedkin 2024 Annual Report Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…

What's in the SOSS? An OpenSSF Podcast

1
Kusari’s Michael Lieberman Talks GUAC, SLSA and Securing the Open Source Supply Chain 21:06

cách đây 15 weeks trước21:06

21:06

CRob is joined by Michael Lieberman, CTO and co-founder of Kusari, about the importance of supply chain security in the open source ecosystem. They discuss Michael's journey in open source, his contributions to projects like SLSA and GUAC and the future of supply chain security. 01:56 - Michael explains how he got into open source 04:10 - The challenges of being a startup within the open source ecosystem 05:38 - Michael digs into his participation with SLSA and GUAC 09:13 - How maintainers can address SBOMs with GUAC 10:56 - Michael’s predictions for supply chain security and dependency management 14:26 - Michael answers CRob’s rapid-fire questions 15:32 - Advice for those entering the cybersecurity or open source development spaces 17:50 - Michael’s call to action Links: Michael Liberman on LinkedIn Kusari homepage GUAC homepage on OpenSSF SLSA homepage on OpenSSF Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…

What's in the SOSS? An OpenSSF Podcast

1
Sovereign Tech Agency’s Tara Tarakiyee and Funding Important Open Source Projects 16:47

cách đây 18 weeks trước16:47

16:47

In this episode, CRob talks to Tara Tarakiyee, FOSS technologist at the Sovereign Tech Agency, which supports the development, improvement and maintenance of open digital infrastructure. The Sovereign Tech Agency’s goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity and the people behind the code. 01:42 - Why the Sovereign Tech Fund became the Sovereign Tech Agency 03:59 - The ways the Sovereign Tech Agency supports open source infrastructure initiatives 04:42 - The four criteria for Sovereign Tech Agency funding: prevalence, relevance, vulnerability and public interest 06:51 - Sovereign Tech Agency success stories 09:09 Plans for the Sovereign Tech Agency in 2025 11:54 – Tara answers CRob’s rapid-fire questions 13:54 - Advice to those entering open source development or security field 14:55 - Tara’s call to action for listeners Episode links: Tara Tarayikee on Linkedin Sovereign Tech Agency homepage Apply for Sovereign Tech Fund investment Get involved with the OpenSSF Subscribe to the OpenSSF newsletter Follow the OpenSSF on LinkedIn…

What's in the SOSS? An OpenSSF Podcast

1
Alpha-Omega’s Michael Winser and Catalyzing Sustainable Improvements in Open Source Security 27:15

cách đây 19 weeks trước27:15

27:15

In this episode, CRob talks to Michael Winser, Technical Strategist for Alpha-Omega, an associated project of the OpenSSF that with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security. 01:00 - Michael shares his origin story into open source 02:09 - How Alpha-Omega came to be 03:48 Alpha-Omega’s mission is catalyzing sustainable security improvements 05:16 - The four types of investments Alpha-Omega makes to catalyze change 11:33 - Michael expands on his “clean the beach” approach to impacting open source security 16:41 - The 3F framework helps manage upstream dependencies effectively 21:13 - Michael answers CRob’s rapid-fire questions 23:06 - Michael’s advice to aspiring development and cybersecurity professionals 24:44 - Michael’s call to action for listeners Links Michael Winser on LinkedIn Alpha-Omega homepage OpenSSF on LinkedIn Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Jack Cable of CISA and Zach Steindler of GitHub Dig Into Package Repository Security 23:44

cách đây 21 weeks trước23:44

23:44

CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.” 00:48 - Jack and Zach share their backgrounds 02:59 - What package repositories are and why they’re important to open source users 04:17 - The positive impact package security has on downstream users 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document 11:18 - Future endeavors of the Securing Software Repositories Working Group 17:32 - Jack and Zach answer CRob’s rapid-fire questions 19:31 - Advice for those entering the industry 21:28 - Jack and Zach share their calls to action Episode links: Zach Steindler on LinkedIn Jack Cable on LinkedIn OpenSSF on LinkedIn Securing Package Repositories Working Group Principles for Package Repository Security document Subscribe to the OpenSSF newsletter Get involved with the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Red Hat's Rodrigo Freire and the Impact of High-Profile Security Incidents 16:58

cách đây 23 weeks trước16:58

16:58

In this episode, CRob talks to Rodrigo Freire, Red Hat's chief architect. They discuss high-profile incidents and vulnerability management in the open source community. Rodrigo has a distinguished track record of success and experience in several industries, especially high-performance and mission-critical environments in financial services. 01:08 - Rodrigo shares his entry into open source 02:42 - Diving into the specifics of a high-profile incident 06:22 - How security researchers coordinate a response to a high-profile incident 10:33 - The benefits of a vulnerability disclosure program 11:57 - Rodgiro answers CRob's rapid-fire questions 13:43 - Advice for anyone getting into the industry 14:26 - Rodrigo's call to action for listeners 15:53 - The importance of the security community working together Episode links: Rodrigo Freire on LinkedIn Rodrigo's blog on Red Hat's response to the XZ incident discovery Get involved with the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Canonical’s Stephanie Domas and Security Insight from a Self-Described “Tinkerer” 16:58

cách đây 25 weeks trước16:58

16:58

In this episode, CRob talks to Stephanie Domas, CISO at Canonical, the creators of the popular operating system Ubuntu. Having started her career with over 10 years of ethical hacking, reverse engineering and advanced vulnerability analysis, Stephanie has a deep knowledge and passion for the hacker mindset. 01:14: Stephanie shares how she got her start in security 05:41 Interesting things Stephanie has discovered since becoming more directly involved with open source 08:20 The challenge of instilling trust into those who consume open source 12:42 Stephanie answers CRob’s rapid-fire questions 14:07 Stephanie’s advice to those getting into cybersecurity 15:43 Stephanie’s call to action for listeners Episode links: Stephanie Domas on LinkedIn Canonical homepage White House’s M-22-18 memorandum CISA RSAA Secure Software Development Attestation Form NIST Secure Software Development Framework (SSDF) SP 800-218 Get involved with the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Intel’s Katherine Druckman and the Impact of Developer Relations 14:23

cách đây 27 weeks trước14:23

14:23

In this episode, CRob discusses the finer points of developer relations (DevRel) with Katherine Druckman, Open Source Evangelist at Intel and co-chair of the OpenSSF Marketing Advisory Council and DevRel Community. Katherine enjoys sharing her passion for a variety of open source topics and is a long-time open source advocate, developer and podcaster. She’s currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality 2.0 podcasts. She spent over a decade at Linux Journal. A passionate Drupalist since she first downloaded a tarball in 2005, she has also been a Drupal contributor and engineer. Additionally, Katherine will be a featured speaker at SOSS Fusion/24 in Atlanta on Oct. 22-23. SOSS Fusion/24 is a collaborative and forward-thinking initiative dedicated to securing open source software. This event will bring together a diverse community of professionals from the public sector, software developers, security engineers to cybersecurity experts, CISOs, CIOs, Founders and tech pioneers. Katherine will be an active participant at SOSS Fusion/24 and will share her insight at the following presentations: Roundtable: Building Developer Confidence in Software Security with the DevRel Community, with Lori Lorusso, Percona; Tabatha DiDomenico, G-Research. Oct 22, 11:30 a.m. Keynote: Fireside Chat with Window Snyder, Founder & CEO, Thistle Technologies, Oct. 23, 9:30 a.m. Keynote: Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software, Oct. 23, 9:55 a.m. Check out the full schedule for SOSS Fusion/24. 01:42 - Katherine shares her non-traditional journey into open source 03:30 - DevRel’s definition varies, depending on the organization 06:11 - Tips for making connections with developers 08:23 - How DevRel professionals can help integrate security practices and tooling into everyday maintainer activities 09:38 - Katherine answers CRob’s rapid-fire questions 11:05 - Katherine’s belief that all knowledge can be relevant — even if it’s outside of your field 12:23 - Developers and security folks should be working together Episode links: Katherine Druckman on LinkedIn OpenSSF DevRel Community Open at Intel podcast SOSS Fusion/24 Get involved with the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Dell's Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level 16:24

cách đây 29 weeks trước16:24

16:24

In this episode, CRob sits down with Sarah Evans, security research technologist at Dell and Lisa Bradley, senior director of product and application security at Dell. They dig into the challenges of implementing secure open software at a complex enterprise. Sarah sits on the OpenSSF Technical Advisory Council and at Dell’s she has been instrumental in cybersecurity innovation, conducting research within the global CTO R&D organization. Her career spans pivotal roles, including being an enterprise security architect and engaging in Identity and Access Management and IT at prestigious organizations like Wells Fargo and the U.S. Air Force. Dr. Lisa Bradley is a distinguished cybersecurity expert and visionary leader. She has earned her reputation as a trailblazer in the field of security and vulnerability management. In her current role, she oversees Dell's Product Security Incident Response Team (PSIRT), Bug Bounty Program, SBOM initiative, Dependency Management, and Security Champion and Training Programs. 02:38 How Dell is managing its ingestion and productization of open source software 04:54 The complex task of managing open source software for a company the size of Dell 06:34 The importance of executive support when implementing security initiatives 10:40 Lisa and Sarah answer CRob’s rapid-fire questions 12:40 Lisa and Sarah’s advice to aspiring developers and security professionals 14:12 Lisa and Sarah’s call to action Episode links: Lisa Bradley on LinkedIn Sarah Evans on LinkedIn Get involved in the OpenSSF community…

What's in the SOSS? An OpenSSF Podcast

1
Bidding Adieu to Omkhar Arasaratnam 20:32

cách đây 31 weeks trước20:32

20:32

In this episode, CRob chats with Omkhar Arasaratnam, who has served as the general manager of the OpenSSF and was co-host of What’s in the SOSS? As Omkhar moves on to the next chapter of his occupational journey, he reflects on his tenure with the OpenSSF, shares his open source origin story and highlights the achievements of the OpenSSF and the tactics he used to engage different stakeholders. Omkhar shares his open source origin story 02:14 - Things Omkhar is proud of during his tenure at the OpenSSF 04:36 - The challenge of keeping myriad stakeholders engaged 07:12 - Areas of open source supply chains that public policymakers and regulators should better understand 09:44 - Some challenges ahead for the open source ecosystem 14:58 - Omkhar answers CRob’s rapid-fire questions 17:57 - Omkhar’s advice for people entering the open source community Links Omkhar Arasaratnam on LinkedIn Get involved with OpenSSF…

What's in the SOSS? An OpenSSF Podcast

1
CoSAI, OpenSSF and the Interesting Intersection of Secure AI and Open Source 22:47

cách đây 32 weeks trước22:47

22:47

Omkhar is joined by Dave LaBianca, security engineering director at Google, Mihai Maruseac, member of the Google Open Source Security Team, and Jay White, security principal program manager at Microsoft. David and Jay are on the Project Governing Board for the Coalition for Secure AI (CoSAI), an alliance of industry leaders, researchers and developers dedicated to enhancing the security of AI implementations. Additionally, Jay — along with Mihai — are leads on the OpenSSF AI/ML Security Working Group. In this conversation, they dig into CoSAI’s goals and the potential partnership with the OpenSSF. 00:57 - Guest introductions 01:56 - Dave and Jay offer insight into why CoSAI was necessary 05:16 - Jay and Mihai explain the complementary nature of OpenSSF's AI/ML Security Working Group and CoSAI 07:21 - Mihai digs into the importance of proving model provenance 08:50 - Dave shares his thoughts on future CoSAI/OpenSSF collaborations 11:13 - Jay, Dave and Mihai answer Omkhar’s rapid-fire questions 14:12 - The guests offer their advice to those entering the field today and their call to action for listeners Links David LaBianca on LinkedIn Mihai Maruseac on LinkedIn Jay White on LinkedIn CoSAI homepage OpenSSF AI/ML Security Working Group homepage Get involved with OpenSSF…

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.

Nghe hơn 500 chủ đề

Tương tự như What's in the SOSS? An OpenSSF Podcast

Destiny 2 Volume 1 (Original Game Soundtrack)

Apple AirTag

TERRO Ant Killer Bait Stations T300B - Liquid Bait to Eliminate Ants - 12 Count Stations for Effective Indoor Ant Control

Podcast đáng để nghe

What's in the SOSS? An OpenSSF Podcast « » Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security

Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security

Podcast đáng để nghe

Chào mừng bạn đến với Player FM!

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

Amazon Basics Multipurpose Copy Printer Paper, 8.5 x 11 inches, 20 lb, 1 Ream, 500 Sheets, 92 Bright, White

Mini Mic Pro (Newest Model), Wireless Microphone for iPhone, iPad, Android, Lavalier Microphone for Video Recording - 2 Pack iPhone Mic Crystal Clear Recording with USB-C for Podcast, ASMR

Ernie Ball Regular Slinky Nickel Wound Electric Guitar Strings, 10-46 Gauge (P02221)

Tương tự như What's in the SOSS? An OpenSSF Podcast

Hướng dẫn sử dụng nhanh

What's in the SOSS? An OpenSSF Podcast « »
Mark Russinovich and AI’s Impact on Software Engineering and Open Source Software Security