Bridging DevOps and Security: Tracy Ragan on the Future of Open Source
Episode Synopsis
In this episode of What's in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security.

We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers and how we can bridge it.

If you're curious about building more secure pipelines or just want to geek out about SBOMs and Scorecard, this episode is for you.

Chapters:
00:25 – Welcome + Tracy's Open Source Origin Story
02:00 – Early Days at the Eclipse Foundation
03:10 – DevOps + DevSecOps: Why It Matters
04:20 – Explaining the DevOps "Factory Floor"
06:00 – DevOps Pipelines as Security Data Engines
07:50 – What Is the OpenSSF Scorecard?
09:30 – Ortelius: Aggregating DevOps + Security Insights
11:20 – The DevOps Budget Problem + Exposing Insecure Packages
13:00 – Why DevRel Is Critical for DevOps Security Education
15:40 – Crossing the Divide Between DevOps and Security Teams
16:10 – Rapid Fire: Editors, Mascots & Spicy Food
17:30 – Final Call to Action + How to Get Involved

Episode links:
Tracy Ragan's LinkedIn page
Ortelius Project
Scorecard Project
Eclipse Foundation
CD Foundation
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn