
Syft, Grype, and Grant with Alan Pope

I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and storing SBOMs is crucial for understanding your software supply chain and quickly responding to new threats like Log4Shell.

Episode Links: Alan, Syft, Grype, Grant, Linux Matters podcast, https://anchore.com/opensource/

This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. ...
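The workflow the episode argues for is: generate an SBOM for every artifact you ship, keep it, and when a new vulnerability drops, query the stored SBOMs instead of rebuilding or rescanning everything. Below is an added example of that query step; it is not code from this page or from the Syft, Grype, or Grant projects. The four SBOMs are constructed inline in CycloneDX JSON shape (artifact names and component lists are invented), and the affected range for Log4Shell is the simplified one from the CVE, log4j-core 2.0-beta9 up to but not including 2.15.0, ignoring the later 2.12.x and 2.3.x backport releases.

```python
import json
import re

# Constructed sample: four "stored" SBOMs keyed by the artifact they describe.
# Real SBOMs from syft carry far more fields; only the ones the query needs are here.
STORED_SBOMS = {
    "payments-api:1.8.3": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
             "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
            {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
             "version": "2.13.0"},
        ]}),
    "batch-worker:4.2.0": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
             "version": "2.17.1"},
        ]}),
    "web-frontend:0.9.1": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            # log4j-api alone is not affected by Log4Shell; only log4j-core is.
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
             "version": "2.14.1"},
        ]}),
    "legacy-reporter:3.0.0": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
             "version": "2.0-beta9"},
        ]}),
}

# Simplified affected range for CVE-2021-44228 (assumption: backport fix lines ignored).
LOG4SHELL_RULE = {
    "group": "org.apache.logging.log4j",
    "name": "log4j-core",
    "introduced": "2.0-beta9",   # first affected version (inclusive)
    "fixed": "2.15.0",           # first fixed version (exclusive)
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?(?:alpha|beta|rc)(\d*))?$", re.IGNORECASE)


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' or '2.0-beta9' into a tuple that sorts correctly.

    Numeric parts are padded to four positions; a pre-release tag sorts below
    the final release with the same numbers (2.0-beta9 < 2.0).
    """
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = (nums + (0, 0, 0, 0))[:4]
    pre = m.group(2)
    pre_key = (0, int(pre or 0)) if pre is not None else (1, 0)
    return nums + pre_key


def find_affected(sboms: dict, rule: dict) -> dict:
    """Return {artifact: version} for every stored SBOM containing a component
    matching rule's group/name with introduced <= version < fixed."""
    lo = parse_version(rule["introduced"])
    hi = parse_version(rule["fixed"])
    hits = {}
    for artifact, raw in sboms.items():
        bom = json.loads(raw)
        for comp in bom.get("components", []):
            if comp.get("group") != rule["group"] or comp.get("name") != rule["name"]:
                continue
            version = comp.get("version", "")
            if lo <= parse_version(version) < hi:
                hits[artifact] = version
    return hits


if __name__ == "__main__":
    for artifact, version in sorted(find_affected(STORED_SBOMS, LOG4SHELL_RULE).items()):
        print(f"{artifact}: ships log4j-core {version}, affected")
```

The point of the exercise is that the query runs against artifacts you already shipped without needing the build environment or the image itself. In practice you would store the syft output and point grype at it (`grype sbom:./payments-api.json`) so the vulnerability database, not a hand-written rule, supplies the affected ranges; the hand-written rule here just makes the matching logic visible.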

April 21, 2025 · Josh Bressers

Open Source Foundations with Kelley Misata of Suricata

In the world of open source software, we often celebrate the code, the contributors, and the collaboration. But beneath the surface lies a world unknown to most. It’s not a secret, it’s just not something most of us pay attention to: the foundations that drive some of the open source projects. I had the opportunity to discuss this with Dr. Kelley Misata, who has served as president of the Open Information Security Foundation (OISF) for over 12 years. OISF is the organization behind Suricata, the very capable and well-known open source network analysis and threat detection software. ...

March 3, 2025 · Josh Bressers

Episode 396 - CLAs are bad, Mkay?

Josh and Kurt talk about contributor license agreements (CLAs). CLAs used to be seen as a necessary evil, but they’re almost certainly bad now. We’re seeing CLAs being abused; it’s clear now that anything controlled by a CLA won’t be open source forever.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_396_CLAs_are_bad_Mkay.mp3

Show Notes: A Theory of Joint Authorship for Free and Open Source Software Projects; Bruce Perens: What Comes After Open Source

October 9, 2023

Episode 341 - Time till open source alternative

Josh and Kurt talk about the Time Till Open Source Alternative blog post. The numbers probably don’t mean what we think they mean anymore. A lot of modern open source is really corporate controlled. Just because something carries an open source license doesn’t mean you can contribute to it.

https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_341_Time_till_open_source_alternative.mp3

Show Notes: Time Till Open Source Alternative; GitHub Desktop issue 78; The Reddit Safe

September 19, 2022