The Remediation Revolution: How AI Agents Are Transforming Open Source Security with John Amaral of Root.io

07/10/2025 | 22 min | Season 2, Episode 18

Episode Synopsis

In this episode of What's in the SOSS, CRob sits down with John Amaral from Root.io to explore the evolving landscape of open source security and vulnerability management. They discuss how AI and LLM technologies are changing the way we approach security challenges, from the shift away from traditional "scan and triage" methodologies to an emerging "fix first" approach powered by agentic systems. John shares insights on the democratization of coding through AI tools, the unique security challenges of containerized environments versus traditional VMs, and how modern developers can leverage AI as a "pair programmer" and security analyst. The conversation covers the transition from "shift left" to "shift out" security practices and offers practical advice for open source maintainers looking to enhance their security posture using AI tools.

Chapters:

00:25 - Welcome and introductions
01:05 - John's open source journey and Root.io's SIM Toolkit project
02:24 - How application development has evolved over 20 years
05:44 - The shift from engineering rigor to accessible coding with AI
08:29 - Balancing AI acceleration with security responsibilities
10:08 - Traditional vs. containerized vulnerability management approaches
13:18 - Leveraging AI and ML for modern vulnerability management
16:58 - The coming "remediation revolution" and fix-first approach
18:24 - Why "shift left" security isn't working for developers
19:35 - Using AI as a cybernetic programming and analysis partner
20:02 - Call to action: Start using AI tools for security today
22:00 - Closing thoughts and wrap-up

Episode links:

John Amaral's LinkedIn page
Root website
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
