Open Source Isn’t Broken

The open source software ecosystem has always faced tough challenges related to community, governance, and scalability. More than ever before, much conversation about open source struggles is devoted to the security of the software supply chain, especially when considering the unique challenges of a distributed, often anonymous, community-based development team. Josh Bressers, VP of Security at Anchore, fellow podcaster and Open SSF volunteer, joins us to talk about why, despite these challenges, open source isn't broken and how to address the very human aspects of open source security and communities. Resources: Avoiding the success trap: Toward policy for open-source software as infrastructure I am not a supplier All About SBOMs: The Software Bill of Materials Open Source: The Nerd Version of Formula One XKCD: Dependency Guest: Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Josh is the co-lead of the OpenSSF SBOM Everywhere project and co-hosts the Open Source Security Podcast and the Hacker History Podcast. He also is the co-founder of the Global Security Database project to bring vulnerability identification into the modern age.