Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

12/08/2025 25 min Temporada 2 Episodio 14

Listen "Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits"

Episode Synopsis

In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers.Episode Chapters:00:00 Introduction00:22 Podcast Welcome01:04 OSTIF Founders Introduction02:31 OSTIF's Mission and Approach05:28 Relationship Management and Expertise08:01 Evolution of Security Engagement Methods12:15 Making Security Audits Less Intimidating18:00 Rapid Fire Questions20:45 Closing, Call to ActionEpisode links:Derek Zimmer LinkedIn pageAmir Montezary LinkedIn pageOSTIF (Open Source Technology Improvement Fund)Get involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedInJoin us at OpenSSF Community Day Europe Aug 28, 2025

More episodes of the podcast What's in the SOSS? An OpenSSF Podcast

Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft) 02/12/2025

SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical) 19/11/2025

A Deep Dive into the Open Source Project Security (OSPS) Baseline 04/11/2025

Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader 21/10/2025

New Education Course: Secure AI/ML-Driven Software Development (LFEL1012) with David A. Wheeler 16/10/2025

The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io 07/10/2025

From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project 23/09/2025

Racing Against Quantum: The Urgent Migration to Post-Quantum Cryptography with KeyFactor's Crypto Experts 09/09/2025

Securing AI: A Conversation with Sarah Evans on OpenSSF's AI/ML Initiatives 26/08/2025

From Compliance to Community: Meeting CRA Requirements Together 29/07/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits

Listen "Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits"

Episode Synopsis

More episodes of the podcast What's in the SOSS? An OpenSSF Podcast

Dot COM: The Internet’s dominant TLD

Free Internet, a prediction in Nostradamus style

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Internet Predators on the prowl

Gray Hat Hacking, those with ambiguous ethics…

Dot COM: The Internet’s dominant TLD