In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its integration with other OpenSSF projects, real-world applications like the GUAC case study, and its value to maintainers and stakeholders. The role of ...
All content for What's in the SOSS? An OpenSSF Podcast is the property of OpenSSF and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its integration with other OpenSSF projects, real-world applications like the GUAC case study, and its value to maintainers and stakeholders. The role of ...
Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits
What's in the SOSS? An OpenSSF Podcast
25 minutes
2 months ago
Open Source Security: OSTIF's 10-Year Journey of Collaborative Audits
In this episode of "What's in the SOSS," Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers. Episode Chapters: 00:00 Introduction00:22 Podcast Welcome01:04 OSTIF Founder...
What's in the SOSS? An OpenSSF Podcast
In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security Baseline. This baseline provides a common language and control catalog for software security, enabling maintainers to demonstrate their project's security posture and fostering confidence in open source projects. They explore its integration with other OpenSSF projects, real-world applications like the GUAC case study, and its value to maintainers and stakeholders. The role of ...
