I had a chat with @francoisproulx.bsky.social about CI/CD security and a tool he built to red team your own pipelines. Holy cow this is a wild topic right now. I chatted with François a bit over a year ago before CI/CD lit on fire, his warnings were very apt opensourcesecurity.io/2026/2026-06...
I had a chat on #OpenSourceSecurity with Kat Cosgrove about open source being critical infrastructure Kat has a ton of experience in the world of Kubernetes and had some really interesting things to tell us about both successful projects as well as having to shut down projects
Weekend at Bernie's - Which of your dependencies are wearing sunglasses? nesbitt.io/2026/05/08/w...
The wrap up with David Bernstein around how to test a disaster recovery / emergency response plan I'm pretty excited to get these out, it feels like this topic is more relevant than it's ever been and David does a nice job explaining it all opensourcesecurity.io/2026/2026-05...
Some incredible in-depth discussion between @vlad.website and @josh.bressers.name on the importance (and challenges) of paying OSS maintainers in this episode of Open Source Security! (PS thanks for the shout-out ☀️) opensourcesecurity.io/2026/2026-04...
Happy 40th, Maniacs
I had a chat on #OpenSourceSecurity with Mike Milinkovich and Thabang Mashologu from @eclipse.org about their new managed Open VSX registry The Eclipse Foundation has a plan that seems pretty sensible to keep the Open VSX registry around for a long time
I really enjoyed talking to @josh.bressers.name about the @opensourcepledge.com, and about why and how we should support Open Source maintainers 😊
I had a chat with @vlad.website about the @opensourcepledge.com Vlad has a ton of insight into how hard it is to just figure out what you're running plus the challenges maintainers have Vlad has a ton of great ideas how to start tackling some of these incredibly difficult problems
I had a chat with David Bernstein about creating a disaster recovery plan on #OpenSourceSecurity With all the events unfolding almost every day lately, there's never been a better time to put a plan like this together. In a few weeks David will tell us how to test such a plan once we create it
1d
2d
8d
1mo
1mo
1mo
1mo
1mo
1mo
1mo
Josh welcomes Mike Milinkovich and Thabang Mashologu from the Eclipse Foundation to talk about their new managed Open VSX registry. This is the first open source package registry to create a commercia...
opensourcesecurity.io
Sustaining Open VSX with Mike and Thabang
Josh welcomes back François Proulx to talk about the absolute madness in the CI/CD universe right now. We also learn about François’ new project SmokedMeat which is a tool to help you hack your own CI...
opensourcesecurity.io
Josh talks to Kat Cosgrove about how companies should be treating open source more like their critical infrastructure than free stuff. Kat has a ton of knowledge about how the interactions between c...
opensourcesecurity.io
Which of your dependencies are wearing sunglasses
Hacking your CI/CD with François Proulx
Open source is critical infrastructure with Kat Cosgrove
Weekend at Bernie’s
nesbitt.io
Josh and David finish up the disaster recovery and emergency planning trilogy. In this one David tells us how to test the plan he told us how to build in the last episode. There are some great ideas i...
opensourcesecurity.io
Josh has a discussion with Vlad-Stefan Harbuz about the Open Source Pledge as well as his recent FOSDEM talk. The Open Source Pledge is all about trying to build a sustainable universe for open source...
opensourcesecurity.io
How to actually test a disaster plan with David Bernstein
Open Source Pledge with Vlad-Stefan Harbuz
Building a plan for disaster with David Bernstein
Josh welcomes back David Bernstein to talk about creating a disaster recovery plan. It’s a very timely topic given all the current events. There are more supply chain attacks and compromises than ever ...
opensourcesecurity.io
Josh Bressers
Josh Bressers
Josh Bressers
Josh Bressers
Jason Scott
Andrew Nesbitt
Josh Bressers
Josh Bressers
Miranda Heath
Vlad-Stefan Harbuz